VPN with Cisco IOS-based Gateway 1

[beatd]

Hi folks,

i have to buid a "hub&spoke-IPSec-VPN" to our customer over the internet with Cisco IOS-based Routers (ISR3845)

gerneral requirements:

hub redundant
different IPSec-tunnels to differnet customer max. (20 tunnels)
different keys fot each IPSec-tunnel
pre-shared-key / 3DES
public addresse for IPSec-tunnels

my question:

why i configure my 2 hub-router refer to my requierements ?

thanks for help beat

 

[JOAMON]

Have you tried looking at the Security Device Manager (SDM) that comes with Cisco Integrated Service Routers. It will aid you in setting that up.

 

[fdurham]

Beat-

While i hate SDM/PDM with a passion, I will agree with JOAMON on this. SDM is the way to go in your case, but learn the ios commands as well. I have a template for you to follow if you want to see a set up for IOS based VPN's.

Frank

 

[beatd]

Hi Frank,

I'm very interested for a ios-based configuration-template.

greetings beat

 

[fdurham]

crypto isakmp policy 10
encr aes 256
hash md5
authentication pre-share
group 2

crypto isakmp key xxxxx address xxx.xxx.xxx.xxx no-xauth

crypto ipsec transform-set vpn0 esp-aes 256 esp-md5-hmac

crypto map vpn 10 ipsec-isakmp
set peer 216.54.200.157
set transform-set vpn0
match address 100

access-list 100 permit ip 192.168.0.0 0.0.0.255 172.0.0.0 0.255.255.255
access-list 100 permit ip <your network> <mask> <remote network> <mask>

Also make sure you add the command crypto map <name of crypto map> to your wan interface. That should give you an idea.

Frank

 

[beatd]

Hi Frank,
thanks for your posting!

Beat