Site-to-site IPsec VPN







The site-to-site VPN requires connectivity between R3 and RSW2.

RSW2#conf t
! Phase 1 (ISAKMP) policy: pre-shared key authentication, 3DES encryption
RSW2(config)#crypto isakmp policy 2
RSW2(config-isakmp)#authentication pre-share
RSW2(config-isakmp)#encryption 3des
RSW2(config-isakmp)#exit
-------------------------------------------------------------------
! Pre-shared key for the peer gateway (0 = key follows unencrypted)
RSW2(config)#crypto isakmp key 0 sitE+0sitE address 192.168.23.3
! Crypto ACL: the traffic to protect
RSW2(config)#ip access-list extended R3_TRAFFIC
RSW2(config-ext-nacl)#permit ip 10.1.100.0 0.0.0.255 host 172.16.3.3
RSW2(config-ext-nacl)#exit
! Phase 2 transform set: ESP with 3DES and SHA HMAC
RSW2(config)#crypto ipsec transform-set VPN_TRANSFORM esp-3des esp-sha-hmac
RSW2(cfg-crypto-trans)#exit
---------------------------------------------------------------------------

! The crypto map ties together the peer, the transform set and the crypto ACL
RSW2(config)#crypto map R3_CMAP 1 ipsec-isakmp
RSW2(config-crypto-map)#set peer 192.168.23.3
RSW2(config-crypto-map)#set transform-set VPN_TRANSFORM
RSW2(config-crypto-map)#match address R3_TRAFFIC
RSW2(config-crypto-map)#exit
! The VLAN 122 interface connects to the Internet (R2)
RSW2(config)#interface vl122
RSW2(config-if)#crypto map R3_CMAP
-----------------------------------------------------------------------


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



R3#conf t
! Phase 1 (ISAKMP) policy: pre-shared key authentication, 3DES encryption
R3(config)#crypto isakmp policy 2
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#encryption 3des
R3(config-isakmp)#exit
------------------------------------------------------------------------
! Pre-shared key for the peer (0 = key follows unencrypted)
R3(config)#crypto isakmp key 0 sitE+0sitE address 192.168.12.1
! Crypto ACL: mirror image of R3_TRAFFIC on RSW2
R3(config)#ip access-list extended RSW1_TRAFFIC
R3(config-ext-nacl)#permit ip host 172.16.3.3 10.1.100.0 0.0.0.255
R3(config-ext-nacl)#exit
! Phase 2 transform set: ESP with 3DES and SHA HMAC
R3(config)#crypto ipsec transform-set VPN_TRANSFORM esp-3des esp-sha-hmac
R3(cfg-crypto-trans)#exit
-------------------------------------------------------------------------
! The crypto map ties together the peer, the transform set and the crypto ACL
R3(config)#crypto map RSW2_CMAP 1 ipsec-isakmp
R3(config-crypto-map)#set peer 192.168.12.1
R3(config-crypto-map)#set transform-set VPN_TRANSFORM
R3(config-crypto-map)#match address RSW1_TRAFFIC
R3(config-crypto-map)#exit
! R3's S0/0.2 connects to the Internet
R3(config)#interface s0/0.2
R3(config-if)#crypto map RSW2_CMAP
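
The two crypto ACLs above have to be mirror images of each other, and both peers have to offer the same transform set, or the IPsec security associations will not be negotiated. The following Python check is an added example, not part of the original post: it reads both devices' commands and reports where they disagree. The function names (`endpoint`, `crypto_view`, `mismatches`) are hypothetical, and it assumes `permit ip` style entries without port operators.

```python
# Constructed input: the page's RSW2 and R3 commands with the CLI prompts removed.
RSW2 = """crypto ipsec transform-set VPN_TRANSFORM esp-3des esp-sha-hmac
ip access-list extended R3_TRAFFIC
 permit ip 10.1.100.0 0.0.0.255 host 172.16.3.3
crypto map R3_CMAP 1 ipsec-isakmp
 set transform-set VPN_TRANSFORM
 match address R3_TRAFFIC"""
R3 = """crypto ipsec transform-set VPN_TRANSFORM esp-3des esp-sha-hmac
ip access-list extended RSW1_TRAFFIC
 permit ip host 172.16.3.3 10.1.100.0 0.0.0.255
crypto map RSW2_CMAP 1 ipsec-isakmp
 set transform-set VPN_TRANSFORM
 match address RSW1_TRAFFIC"""

def endpoint(tok):
    """Pop one address spec off a token list; normalise to (address, wildcard)."""
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    return (tok[0], tok[1]), tok[2:]

def crypto_view(cfg):
    """Return (ACL entries, transforms) that the device's crypto map refers to."""
    lines = [l.split() for l in cfg.splitlines() if l.strip()]
    acl = next(l[2] for l in lines if l[:2] == ["match", "address"])
    ts = next(l[2] for l in lines if l[:2] == ["set", "transform-set"])
    entries, transforms, current = set(), set(), None
    for l in lines:
        if l[:3] == ["ip", "access-list", "extended"]:
            current = l[3]                      # entering a named ACL
        elif l[0] in ("permit", "deny"):
            if current == acl:                  # only the ACL the crypto map matches
                src, rest = endpoint(l[2:])
                dst, _ = endpoint(rest)
                entries.add((l[0], l[1], src, dst))
        else:
            current = None                      # any other command leaves ACL mode
            if l[:3] == ["crypto", "ipsec", "transform-set"] and l[3] == ts:
                transforms = set(l[4:])
    return entries, transforms

def mismatches(a, b):
    """List the ways two peers disagree; an empty list means these settings agree."""
    (acl_a, ts_a), (acl_b, ts_b) = crypto_view(a), crypto_view(b)
    mirror = {(act, proto, dst, src) for act, proto, src, dst in acl_b}
    checks = [("crypto ACLs are not mirror images", acl_a == mirror),
              ("transform sets differ", ts_a == ts_b)]
    return [msg for msg, ok in checks if not ok]
```

For the configuration on this page, `mismatches(RSW2, R3)` returns an empty list; `host 172.16.3.3` and `172.16.3.3 0.0.0.0` are treated as the same endpoint.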

Setting up a GRE Tunnel

R3#conf t
R3(config)#interface Tunnel10
R3(config-if)#ip address 172.16.10.3 255.255.255.0
R3(config-if)#tunnel source Loopback3
R3(config-if)#tunnel destination 10.1.1.11
R3(config-if)#end



RSW1#conf t
RSW1(config)#interface Tunnel10
RSW1(config-if)#ip address 172.16.10.11 255.255.255.0
RSW1(config-if)#tunnel source Loopback11
RSW1(config-if)#tunnel destination 172.16.3.3
RSW1(config-if)#end

Gateway

RSW2(config)#ip access-list extended GRE_LIST
RSW2(config-ext-nacl)#permit gre host 172.16.3.3 host 10.1.1.11
RSW2(config-ext-nacl)#permit gre host 10.1.1.11 host 172.16.3.3
RSW2(config-ext-nacl)#exit








