Site-to-Site IPSec VPN between Cisco Routers

11-Nov 13.18.26

REQUIREMENTS:
1. The IOS image on the router must support crypto. In my example, I’ll use c3745-advsecurityk9-mz124-23.image in GNS3 1.1.

PC1> ip 192.168.1.2 255.255.255.0 192.168.1.1
Checking for duplicate address…
PC1 : 192.168.1.2 255.255.255.0 gateway 192.168.1.1
PC2> ip 192.168.2.2 255.255.255.0 192.168.2.1
Checking for duplicate address…
PC2 : 192.168.2.2 255.255.255.0 gateway 192.168.2.1

R1#sh run
hostname R1
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key vpnuser address 10.0.0.12
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 10.0.0.12
 set transform-set myset
 match address 100
interface FastEthernet0/0
 ip address 10.0.0.11 255.255.255.0
 crypto map mymap
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
ip route 192.168.2.0 255.255.255.0 10.0.0.1
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

R2:
hostname R2
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key vpnuser address 10.0.0.11
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 10.0.0.11
 set transform-set myset
 match address 100
interface FastEthernet0/0
 ip address 10.0.0.12 255.255.255.0
 crypto map mymap
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
ip route 192.168.1.0 255.255.255.0 10.0.0.1
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

PC1 pings PC2:
PC1> ping 192.168.2.2
192.168.2.2 icmp_seq=1 ttl=62 time=203.618 ms
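
The tunnel only comes up when the two listings above agree: same ISAKMP policy, key and transform-set, peer addresses that point at each other's outside interface, and crypto ACLs that are mirror images. The following Python check is an added example, not part of the original post; it rebuilds both configurations from a template using the values above, and TEMPLATE, parse and mismatches are names chosen for illustration.

```python
import re

# Constructed from the R1/R2 listings above; function names are illustrative.
TEMPLATE = """\
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key {key} address {peer}
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
crypto map mymap 10 ipsec-isakmp
 set peer {peer}
interface FastEthernet0/0
 ip address {wan} 255.255.255.0
access-list 100 permit ip {lan} 0.0.0.255 {remote} 0.0.0.255
"""
R1 = TEMPLATE.format(key="vpnuser", peer="10.0.0.12", wan="10.0.0.11",
                     lan="192.168.1.0", remote="192.168.2.0")
R2 = TEMPLATE.format(key="vpnuser", peer="10.0.0.11", wan="10.0.0.12",
                     lan="192.168.2.0", remote="192.168.1.0")

def parse(cfg):
    """Pull out the fields that must agree between the two peers."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else ()
    return {
        "policy": re.findall(r"^ (encr .+|authentication .+|group \d+)$", cfg, re.M),
        "key": one(r"^crypto isakmp key (\S+) address (\S+)"),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "peer": one(r"^ set peer (\S+)"),
        "wan": one(r"^interface FastEthernet0/0\n ip address (\S+)"),
        "acl": one(r"^access-list 100 permit ip (\S+ \S+) (\S+ \S+)$"),
    }

def mismatches(cfg_a, cfg_b):
    """List the reasons the tunnel between the two configs would not come up."""
    a, b = parse(cfg_a), parse(cfg_b)
    checks = [
        (a["policy"] != b["policy"], "ISAKMP policies differ"),
        (a["key"][:1] != b["key"][:1], "pre-shared keys differ"),
        (a["transform"] != b["transform"], "transform-sets differ"),
        (a["acl"] != b["acl"][::-1], "crypto ACLs are not mirror images"),
    ]
    for side, x, y in (("first", a, b), ("second", b, a)):
        ok = x["peer"] == x["key"][1:] == y["wan"] != ()
        checks.append((not ok, f"{side} config: peer/key address is not the other outside address"))
    return [msg for bad, msg in checks if bad]
```

Calling mismatches(R1, R2) returns an empty list for the configurations on this page; each entry in a non-empty result names one field to compare between the two routers.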
