Simple LAN-TO-LAN VPN Between IOS Routers

From Internetworkpro

This page or section provides device configuration instructions
Please note that the information on this page has not been checked for accuracy and is not intended as a replacement for documentation. Please ensure you understand your desired objectives before attempting to apply any examples listed.
See more examples at Category:Configuration
This page or section provides VPN configuration examples
The collection of articles under the VPN Category helps to describe simple and complex VPN setups. These are often confusing and complicated, so the Internetworkpro Wiki is attempting to create examples for many VPN setups: site-to-site, remote access, automatic, one-way, IPsec, PPTP, GRE, VPDN, EasyVPN, SSL, etc. Please ensure you understand your desired objectives before attempting to apply any examples listed. Guidance can be provided on irc://freenode.net/cisco
See more VPN configuration at Category:VPN

This is the minimal configuration needed for a simple IPsec LAN-to-LAN VPN between two routers on the Internet.

LAN-to-LAN IPsec configuration between R1 and R2:
R1: LAN 10.1.0.0/16, outside IP 1.1.1.1
R2: LAN 10.2.0.0/16, outside IP 2.2.2.2
The IPsec pre-shared key is R1-R2.

R1

crypto isakmp policy 10
  encryption 3des
  authentication pre-share
  group 2


crypto ipsec transform-set 3DES-HMAC esp-3des esp-sha-hmac

crypto isakmp key R1-R2 address 2.2.2.2
crypto isakmp enable


crypto map R1-R2 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set 3DES-HMAC
 match address ACLR1-R2

ip access-list extended ACLR1-R2
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255

ip route 0.0.0.0 0.0.0.0 1.1.1.254

int fa0/0
  description Outside Internet interface
  ip address 1.1.1.1 255.255.255.0
  crypto map R1-R2

int fa1/0
  description Inside clients
  ip address 10.1.0.1 255.255.0.0

R2

crypto isakmp policy 10
  encryption 3des
  authentication pre-share
  group 2

crypto ipsec transform-set 3DES-HMAC esp-3des esp-sha-hmac 

crypto isakmp key R1-R2 address 1.1.1.1
crypto isakmp enable

crypto map R2-R1 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set 3DES-HMAC
 match address ACLR2-R1

ip access-list extended ACLR2-R1
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255

ip route 0.0.0.0 0.0.0.0 2.2.2.254

int fa0/0
 description Outside internet
 ip address 2.2.2.2 255.255.255.0
 crypto map R2-R1

int fa1/0
 description Inside
 ip address 10.2.0.1 255.255.0.0
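
Added example (not part of the original wiki page): the R1 and R2 configurations above only form a tunnel when they agree with each other, so this Python script cross-checks the tunnel-relevant lines of both routers for a matching pre-shared key, peers that point at each other's outside IP, identical transform sets and mirror-image crypto ACLs. The names parse and check_pair are hypothetical, and the parser assumes ACL entries in the network/wildcard form used on this page.

```python
import re

# Constructed sample input: the tunnel-relevant lines of R1 and R2 from this page.
R1 = """crypto ipsec transform-set 3DES-HMAC esp-3des esp-sha-hmac
crypto isakmp key R1-R2 address 2.2.2.2
crypto map R1-R2 ipsec-isakmp
 set peer 2.2.2.2
ip access-list extended ACLR1-R2
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
"""
R2 = """crypto ipsec transform-set 3DES-HMAC esp-3des esp-sha-hmac
crypto isakmp key R1-R2 address 1.1.1.1
crypto map R2-R1 ipsec-isakmp
 set peer 1.1.1.1
ip access-list extended ACLR2-R1
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
"""

def parse(cfg):
    """Pull key, peer, transforms and crypto ACL entries out of one config."""
    key, key_peer = re.search(r"^crypto isakmp key (\S+) address (\S+)", cfg, re.M).groups()
    transforms = re.search(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M).group(1)
    return {
        "key": key,
        "key_peer": key_peer,
        "peer": re.search(r"^\s*set peer (\S+)", cfg, re.M).group(1),
        "transforms": transforms.split(),
        # Assumption: every ACL entry is "permit ip <net> <wildcard> <net> <wildcard>".
        "acl": re.findall(r"^\s*permit ip (\S+ \S+) (\S+ \S+)\s*$", cfg, re.M),
    }

def check_pair(cfg_a, outside_a, cfg_b, outside_b):
    """Return the mismatches between two routers that break or cripple the tunnel."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    if a["key"] != b["key"]:
        problems.append("pre-shared keys differ")
    if {a["peer"], a["key_peer"]} != {outside_b} or {b["peer"], b["key_peer"]} != {outside_a}:
        problems.append("peer/key address is not the other router's outside IP")
    if a["transforms"] != b["transforms"]:
        problems.append("transform sets differ")
    # Each side must protect exactly the reverse of what the other side protects.
    if sorted(a["acl"]) != sorted((dst, src) for src, dst in b["acl"]):
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__":
    print(check_pair(R1, "1.1.1.1", R2, "2.2.2.2") or "R1 and R2 agree")
```

An empty list means the two sides are consistent; it says nothing about routing or whether the crypto map is applied to the outside interface.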