Configuring an IPsec VPN tunnel between Cisco routers

Short overview:

The purpose of a VPN is to connect two devices (or sites) that are geographically apart by creating a logical connection over the wide area network.

VPNs use encryption to keep data private and to ensure it is not altered or manipulated along the path.

Topology:


NorthSite:
NorthSite(config)# interface FastEthernet 0/0
NorthSite(config-if)# ip add 10.1.1.1 255.0.0.0
NorthSite(config-if)# no shut
NorthSite(config-if)# interface vlan 1
NorthSite(config-if)# ip add 192.168.1.1 255.255.255.0
NorthSite(config-if)# exit
NorthSite(config)# ip route 192.168.2.0 255.255.255.0 10.2.2.2
NorthSite(config)# ip route 192.168.3.0 255.255.255.0 10.3.3.3

WestSite:
WestSite(config)# interface FastEthernet 0/0
WestSite(config-if)# ip add 10.2.2.2 255.0.0.0
WestSite(config-if)# no shut
WestSite(config-if)# interface vlan 1
WestSite(config-if)# ip add 192.168.2.1 255.255.255.0
WestSite(config-if)# exit
WestSite(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.1
WestSite(config)# ip route 192.168.3.0 255.255.255.0 10.3.3.3
WestSite(config)# ip access-list extended VPN-TRAFFIC
WestSite(config-ext-nacl)# permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
WestSite(config-ext-nacl)# exit
WestSite(config)# crypto isakmp policy 1
WestSite(config-isakmp)# authentication pre-share
WestSite(config-isakmp)# encryption aes
WestSite(config-isakmp)# hash md5
WestSite(config-isakmp)# group 2
WestSite(config-isakmp)# lifetime 84600
WestSite(config-isakmp)# exit
WestSite(config)# crypto isakmp key 6 cisco123 address 10.3.3.3
WestSite(config)# crypto ipsec transform-set DATAENC esp-aes 256 esp-md5-hmac
WestSite(cfg-crypto-trans)# exit
WestSite(config)# crypto map WEST-to-EAST 1 ipsec-isakmp
WestSite(config-crypto-map)# set peer 10.3.3.3
WestSite(config-crypto-map)# set transform-set DATAENC
WestSite(config-crypto-map)# match address VPN-TRAFFIC
WestSite(config-crypto-map)# exit
WestSite(config)# int f0/0
WestSite(config-if)# crypto map WEST-to-EAST

EastSite:
EastSite(config)# interface FastEthernet 0/0
EastSite(config-if)# ip add 10.3.3.3 255.0.0.0
EastSite(config-if)# no shut
EastSite(config-if)# interface vlan 1
EastSite(config-if)# ip add 192.168.3.1 255.255.255.0
EastSite(config-if)# exit
EastSite(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.1
EastSite(config)# ip route 192.168.2.0 255.255.255.0 10.2.2.2
EastSite(config)# ip access-list extended VPN-TRAFFIC
EastSite(config-ext-nacl)# permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
EastSite(config-ext-nacl)# exit
EastSite(config)# crypto isakmp policy 1
EastSite(config-isakmp)# authentication pre-share
EastSite(config-isakmp)# encryption aes
EastSite(config-isakmp)# hash md5
EastSite(config-isakmp)# group 2
EastSite(config-isakmp)# lifetime 84600
EastSite(config-isakmp)# exit
EastSite(config)# crypto isakmp key 6 cisco123 address 10.2.2.2
EastSite(config)# crypto ipsec transform-set DATAENC esp-aes 256 esp-md5-hmac
EastSite(cfg-crypto-trans)# exit
EastSite(config)# crypto map EAST-to-WEST 1 ipsec-isakmp
EastSite(config-crypto-map)# set peer 10.2.2.2
EastSite(config-crypto-map)# set transform-set DATAENC
EastSite(config-crypto-map)# match address VPN-TRAFFIC
EastSite(config-crypto-map)# exit
EastSite(config)# int f0/0
EastSite(config-if)# crypto map EAST-to-WEST
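Both ends of the tunnel only come up if the ISAKMP policy, pre-shared key, transform-set, peer addresses and crypto ACL are mirror images of each other, which is easy to get wrong when the two configs are typed by hand. The following is an added example, not part of the original post: a small Python checker that parses running-config excerpts shaped like the WestSite/EastSite configs above, reports any mismatch between the two sides, and flags the weak settings they use (MD5 and DH group 2). The `site()` builder, the config text it produces and the regular expressions are my own constructions for this example.

```python
import re

# Constructed running-config excerpt modelled on the WestSite/EastSite commands above.
def site(wan, peer, local, remote, hash_="md5"):
    return f"""interface FastEthernet0/0
 ip address {wan} 255.0.0.0
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash {hash_}
 group 2
 lifetime 84600
crypto isakmp key 6 cisco123 address {peer}
crypto ipsec transform-set DATAENC esp-aes 256 esp-md5-hmac
crypto map VPN 1 ipsec-isakmp
 set peer {peer}
ip access-list extended VPN-TRAFFIC
 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
"""

WEAK = {"hash md5": "IKE hash MD5 is deprecated (use sha256)",
        "group 2": "DH group 2 is 1024-bit (use group 14 or higher)",
        "esp-md5-hmac": "ESP integrity MD5 is deprecated (use esp-sha256-hmac)"}

def parse(cfg):
    """Pull out the fields the two peers must agree on, plus any weak settings."""
    d = {"policy": [], "weak": [msg for k, msg in WEAK.items() if k in cfg]}
    for line in (l.strip() for l in cfg.splitlines() if l.strip()):
        if m := re.match(r"ip address (\S+)", line): d["wan"] = m[1]
        elif m := re.match(r"crypto isakmp key \S+ (\S+) address (\S+)", line):
            d["psk"], d["key_peer"] = m[1], m[2]
        elif m := re.match(r"set peer (\S+)", line): d["map_peer"] = m[1]
        elif m := re.match(r"permit ip (\S+ \S+) (\S+ \S+)", line): d["acl"] = (m[1], m[2])
        elif m := re.match(r"crypto ipsec transform-set \S+ (.+)", line): d["ts"] = m[1]
        elif line.split()[0] in ("authentication", "encryption", "hash", "group", "lifetime"):
            d["policy"].append(line)
    return d

def check_pair(a, b):
    """Return the mismatches that would stop IKE phase 1 or phase 2 from negotiating."""
    problems = []
    if {a["map_peer"], a["key_peer"]} != {b["wan"]} or {b["map_peer"], b["key_peer"]} != {a["wan"]}:
        problems.append("peer / key address does not match the other side's WAN address")
    if a["psk"] != b["psk"]: problems.append("pre-shared keys differ")
    if a["acl"] != b["acl"][::-1]: problems.append("crypto ACLs are not mirror images")
    if a["ts"] != b["ts"]: problems.append("transform-sets differ")
    if sorted(a["policy"]) != sorted(b["policy"]): problems.append("ISAKMP policies differ")
    return problems

WEST = parse(site("10.2.2.2", "10.3.3.3", "192.168.2.0", "192.168.3.0"))
EAST = parse(site("10.3.3.3", "10.2.2.2", "192.168.3.0", "192.168.2.0"))
```

Running `check_pair(WEST, EAST)` on the matching pair returns an empty list, while `WEST["weak"]` still lists the three MD5/group-2 findings that apply to both sides as configured.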
