Cisco IPSec VPN Configuration
Scenario
2 Cisco 1841 Routers, R1 and R2, are connected over their FastEthernet 0/0 interfaces to simulate a WAN link. Local subnets on R2 are to be accessible on R1 and vice versa over an IPSec tunnel.
Details as follows:
Description | R1 | R2 |
---|---|---|
Fa 0/0 IP | 1.1.1.1/30 | 2.2.2.2/30 |
Local SN loop0 | 192.168.1.0/24 | 192.168.2.0/24 |
Encryption | AES256 | AES256 |
Hashing | SHA256 | SHA256 |
DH Group | 14 | 14 |
IKE P1 Lifetime | 6000 | 6000 |
Define IKE phase 1 policy
On R1 and R2:
crypto isakmp policy 1
 ! Set encryption algorithm
 encr aes 256
 ! Set hash function
 hash sha256
 ! Set authentication
 authentication pre-share
 ! Set Diffie-Hellman group
 group 14
 ! Set tunnel lifetime
 lifetime 6000
On R1
crypto isakmp key password123 address 1.1.1.2
On R2
crypto isakmp key password123 address 1.1.1.1
Create ACL to define traffic to tunnel
On R1
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
On R2
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
On R1 and R2:
crypto ipsec transform-set P2SET esp-sha256-hmac esp-aes 256
 mode tunnel
On R1:
crypto map R1_CMAP 1 ipsec-isakmp
 match address 100
 set transform-set P2SET
 set peer 1.1.1.2
On R2:
crypto map R2_CMAP 1 ipsec-isakmp
 match address 100
 set transform-set P2SET
 set peer 1.1.1.1
Assign the crypto map to interface
On R2 (on R1, apply R1_CMAP instead):
interface FastEthernet 0/0
 crypto map R2_CMAP
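The tunnel only forms when both routers agree on the phase 1 policy, pre-shared key and transform set, the crypto ACLs mirror each other, and each peer statement points at the other router's Fa 0/0 address. The Python check below is an added example, not part of the original page: `parse` and `check_pair` are hypothetical helper names, the two configs are constructed from the commands above, and the WAN addresses 1.1.1.1 and 1.1.1.2 are assumed from the peer statements.

```python
import re

# Constructed input: the page's commands as a template, rendered once per router.
TEMPLATE = """\
crypto isakmp policy 1
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 6000
crypto isakmp key password123 address {peer}
access-list 100 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
crypto ipsec transform-set P2SET esp-sha256-hmac esp-aes 256
 mode tunnel
crypto map {name}_CMAP 1 ipsec-isakmp
 match address 100
 set transform-set P2SET
 set peer {peer}
"""
R1 = TEMPLATE.format(name="R1", peer="1.1.1.2", local="192.168.1.0", remote="192.168.2.0")
R2 = TEMPLATE.format(name="R2", peer="1.1.1.1", local="192.168.2.0", remote="192.168.1.0")

def parse(cfg):
    """Extract the fields both ends of the tunnel have to agree on."""
    def find(pattern):
        return re.search(pattern, cfg).groups()
    key, key_peer = find(r"crypto isakmp key (\S+) address (\S+)")
    acl_id, src, dst = find(r"access-list (\d+) permit ip (\S+ \S+) (\S+ \S+)")
    policy = find(r"crypto isakmp policy \d+\n((?: .+\n)+)")[0]
    return {
        "policy": sorted(line.strip() for line in policy.splitlines()),
        "transform": find(r"crypto ipsec transform-set \S+ (.+)")[0],
        "key": key, "key_peer": key_peer, "acl_id": acl_id, "acl": (src, dst),
        "map_acl": find(r"match address (\d+)")[0],
        "map_peer": find(r"set peer (\S+)")[0],
    }

def check_pair(cfg_a, cfg_b, wan_a, wan_b):
    """Return the mismatches that would keep the tunnel from coming up."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{field} differs" for field in ("policy", "key", "transform")
                if a[field] != b[field]]
    if a["acl"] != b["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    for name, side, peer_wan in (("A", a, wan_b), ("B", b, wan_a)):
        if side["map_acl"] != side["acl_id"]:
            problems.append(f"{name}: crypto map matches a different ACL")
        if {side["key_peer"], side["map_peer"]} != {peer_wan}:
            problems.append(f"{name}: peer is not the other router's WAN address")
    return problems
```

Call `check_pair(R1, R2, "1.1.1.1", "1.1.1.2")`; an empty list means the two sides are consistent.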