Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
want to setup vpn between to cisco 831 routers, stuck at phase 2 1
- Thread starter doior
- Start date
-
1
- #2
Try this, should set you off in the right direction:
hostname router
!
enable secret
!
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key secret-key address 1.2.3.4
!
!
crypto ipsec transform-set VPNSet esp-3des esp-md5-hmac
!
crypto map CryptoMap 1 ipsec-isakmp
set peer 1.2.3.4
set transform-set VPNsSet
match address 101
!
!
!
!
int f0
ip addr 10.1.1.1 255.255.255.0
!
interface Serial0
ip address 6.7.8.9 255.255.255.252
ip access-group 120 in
ip verify unicast reverse-path
no ip redirects
no ip proxy-arp
ip mtu 1400
encapsulation ppp
ip tcp adjust-mss 1400
crypto map CryptoMap
!
ip classless
ip route 0.0.0.0 0.0.0.0 <outside-router>
no ip http server
!
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.31.0.0 0.0.255.255
access-list 120 permit esp host <remote-peer> host 1.2.3.4
access-list 120 permit udp host <remote-peer> host 1.2.3.4 eq isakmp
access-list 120 permit ip 172.16.0.0 0.0.255.255 10.1.1.0 0.0.0.255
!
!
line con 0
password cisco
login
line aux 0
password cisco
login
line vty 0 4
access-class 1 in
login local
!
This example uses ACL 101 to encrypt traffic between local network 10.1.1.0/24 and remote
network 172.31.0.0/16.
ACL 120 has to allow the unencrypted traffic in, as decryption takes plae before ACL processing.
This example doesnt provide any firewall or Internet access, its VPN site to site only.
hostname router
!
enable secret
!
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key secret-key address 1.2.3.4
!
!
crypto ipsec transform-set VPNSet esp-3des esp-md5-hmac
!
crypto map CryptoMap 1 ipsec-isakmp
set peer 1.2.3.4
set transform-set VPNsSet
match address 101
!
!
!
!
int f0
ip addr 10.1.1.1 255.255.255.0
!
interface Serial0
ip address 6.7.8.9 255.255.255.252
ip access-group 120 in
ip verify unicast reverse-path
no ip redirects
no ip proxy-arp
ip mtu 1400
encapsulation ppp
ip tcp adjust-mss 1400
crypto map CryptoMap
!
ip classless
ip route 0.0.0.0 0.0.0.0 <outside-router>
no ip http server
!
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.31.0.0 0.0.255.255
access-list 120 permit esp host <remote-peer> host 1.2.3.4
access-list 120 permit udp host <remote-peer> host 1.2.3.4 eq isakmp
access-list 120 permit ip 172.16.0.0 0.0.255.255 10.1.1.0 0.0.0.255
!
!
line con 0
password cisco
login
line aux 0
password cisco
login
line vty 0 4
access-class 1 in
login local
!
This example uses ACL 101 to encrypt traffic between local network 10.1.1.0/24 and remote
network 172.31.0.0/16.
ACL 120 has to allow the unencrypted traffic in, as decryption takes plae before ACL processing.
This example doesnt provide any firewall or Internet access, its VPN site to site only.
- Status
