Try this, should set you off in the right direction:
hostname router
!
enable secret
!
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key secret-key address 1.2.3.4
!
!
crypto ipsec transform-set VPNSet esp-3des esp-md5-hmac
!
crypto map CryptoMap 1 ipsec-isakmp
 set peer 1.2.3.4
 set transform-set VPNSet
 match address 101
!
!
!
!
int f0
 ip addr 10.1.1.1 255.255.255.0
!
interface Serial0
 ip address 6.7.8.9 255.255.255.252
 ip access-group 120 in
 ip verify unicast reverse-path
 no ip redirects
 no ip proxy-arp
 ip mtu 1400
 encapsulation ppp
 ip tcp adjust-mss 1400
 crypto map CryptoMap
!
ip classless
ip route 0.0.0.0 0.0.0.0 <outside-router>
no ip http server
!
!
! ACL 1: hosts allowed to reach the vty lines
access-list 1 permit 10.1.1.0 0.0.0.255
! ACL 101: traffic to encrypt (local LAN to remote LAN)
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.31.0.0 0.0.255.255
! ACL 120: inbound filter on Serial0 (6.7.8.9); <remote-peer> is the VPN peer
! (1.2.3.4 in the crypto map). The last entry covers the remote LAN from ACL 101.
access-list 120 permit esp host <remote-peer> host 6.7.8.9
access-list 120 permit udp host <remote-peer> host 6.7.8.9 eq isakmp
access-list 120 permit ip 172.31.0.0 0.0.255.255 10.1.1.0 0.0.0.255
!
!
line con 0
 password cisco
 login
line aux 0
 password cisco
 login
line vty 0 4
 access-class 1 in
 login local
!
This example uses ACL 101 to encrypt traffic between local network 10.1.1.0/24 and remote
network 172.31.0.0/16.
ACL 120 has to allow the unencrypted traffic in, as decryption takes place before ACL processing.
This example doesn't provide any firewall or Internet access, it's VPN site to site only.
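
A small consistency check for a configuration like the one above, as an added example that is not part of the original post: it reports crypto map references to transform-sets, ACLs or maps that are never defined, and flags algorithms it treats as weak. The `lint` function, the sample config and the weak-algorithm list are constructed for illustration.

```python
# Constructed sample input (not a real device config).
SAMPLE = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
crypto ipsec transform-set VPNSet esp-3des esp-md5-hmac
crypto map CryptoMap 1 ipsec-isakmp
 set peer 1.2.3.4
 set transform-set VPNsSet
 match address 101
interface Serial0
 crypto map CryptoMap
access-list 120 permit esp host 1.2.3.4 host 6.7.8.9
"""

# Assumption: algorithm keywords this example treats as weak.
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}

def lint(config):
    """Return findings: dangling references and weak algorithms."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    sets, acls, maps, findings = set(), set(), set(), []
    for ln in lines:  # pass 1: collect what the config defines
        w = ln.split()
        if ln.startswith("crypto ipsec transform-set ") and len(w) > 3:
            sets.add(w[3])
        elif w[0] == "access-list" and len(w) > 1:
            acls.add(w[1])
        elif ln.startswith("crypto map ") and len(w) > 3:
            maps.add(w[2])  # global definition: name, sequence, type
    for ln in lines:  # pass 2: check references and algorithms
        w = ln.split()
        if ln.startswith("set transform-set "):
            findings += [f"undefined transform-set {n}" for n in w[2:] if n not in sets]
        elif ln.startswith("match address ") and w[2] not in acls:
            findings.append(f"undefined access-list {w[2]}")
        elif ln.startswith("crypto map ") and len(w) == 3 and w[2] not in maps:
            findings.append(f"undefined crypto map {w[2]}")  # interface binding
        algos = w[4:] if ln.startswith("crypto ipsec transform-set ") else \
                w[1:] if w[0] in ("encr", "encryption", "hash") else []
        findings += [f"weak algorithm {a}" for a in algos if a in WEAK]
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
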