Cisco site to site VPN brief setup

I have just two sites with Cisco equipment set up. Now I need to get a VPN over the internet.

It is assumed that both routers are configured:

Router A

 

!
crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
 lifetime 600
crypto isakmp key MyKey address 10.250.200.2
!
crypto ipsec transform-set TS-SPOKE ah-md5-hmac esp-aes 256 
!
crypto map SPOKE-MAP 20 ipsec-isakmp 
 set peer 10.250.200.2
 set transform-set TS-SPOKE 
 match address VPN-SPOKE
!
interface FastEthernet0/0

 crypto map SPOKE-MAP
!
ip access-list extended VPN-SPOKE
 permit ip any any
!

Router B

!
crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
 lifetime 600
crypto isakmp key MyKey address 10.250.200.1
!
crypto ipsec transform-set TS-SPOKE ah-md5-hmac esp-aes 256 
!
crypto map SPOKE-MAP 20 ipsec-isakmp 
 set peer 10.250.200.1
 set transform-set TS-SPOKE 
 match address VPN-SPOKE
!
interface FastEthernet0/0

 crypto map SPOKE-MAP
!
ip access-list extended VPN-SPOKE
 permit ip any any
!

If you use this in real life and not on a simulator, please change the password MyKey!
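The following check is an added example, not part of the original post: a small Python script that reads Router A's VPN lines from above (the "!" separator lines are omitted) and flags the settings to tighten before production use, namely the placeholder pre-shared key, DH group 2, the MD5-based AH transform and a crypto ACL of permit ip any any. The function name audit_ios_vpn, the rule set and the minimum key length of 20 are assumptions made for this example.

```python
import re

# Router A's VPN lines from the post ("!" separators omitted), as sample input.
ROUTER_A = """\
crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
 lifetime 600
crypto isakmp key MyKey address 10.250.200.2
crypto ipsec transform-set TS-SPOKE ah-md5-hmac esp-aes 256
crypto map SPOKE-MAP 20 ipsec-isakmp
 set peer 10.250.200.2
 set transform-set TS-SPOKE
 match address VPN-SPOKE
ip access-list extended VPN-SPOKE
 permit ip any any
"""

WEAK_DH_GROUPS = {"1", "2", "5"}  # MODP groups of 1536 bits or less
MIN_PSK_LEN = 20                  # assumed local policy, not a Cisco limit


def audit_ios_vpn(config):
    """Return a list of (line_number, finding) for weak IPsec settings."""
    findings = []
    # Names of ACLs that a crypto map uses to select traffic for the tunnel.
    crypto_acls = set(re.findall(r"^\s*match address (\S+)", config, re.M))
    current_acl = None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level command ends any ACL block
            m = re.match(r"ip access-list extended (\S+)", line)
            current_acl = m.group(1) if m else None
        if (m := re.match(r"group (\d+)$", line)) and m.group(1) in WEAK_DH_GROUPS:
            findings.append((no, f"weak DH group {m.group(1)}"))
        if m := re.match(r"crypto isakmp key (\S+) address", line):
            if len(m.group(1)) < MIN_PSK_LEN:
                findings.append((no, "pre-shared key is short or a placeholder"))
        if line.startswith("crypto ipsec transform-set") and "md5" in line:
            findings.append((no, "transform set uses MD5 for integrity"))
        if current_acl in crypto_acls and line == "permit ip any any":
            findings.append((no, f"crypto ACL {current_acl} matches all traffic"))
    return findings


if __name__ == "__main__":
    for no, finding in audit_ios_vpn(ROUTER_A):
        print(f"line {no}: {finding}")
```

Router B's configuration differs only in the peer address, so the same findings apply there.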

There are plenty of good how-tos on the net that describe in detail how IPsec site-to-site VPN works:

RouterGeek » How to Configure Site-to-Site VPN in Cisco Routers

firewall.cx – Configuring Site to Site IPSec VPN Tunnel Between Cisco Routers

 

 
