*****************************
Cisco IPSec VPN Configuration
*****************************

Scenario
========

Two Cisco 1841 routers, R1 and R2, are connected over their FastEthernet 0/0 interfaces to simulate a WAN link. The local subnets behind R2 are to be reachable from R1 and vice versa over an IPSec tunnel.

Details are as follows:

+-----------------+----------------+----------------+
| Description     | R1             | R2             |
+=================+================+================+
| Fa 0/0 IP       | 1.1.1.1/30     | 2.2.2.2/30     |
+-----------------+----------------+----------------+
| Local SN loop0  | 192.168.1.0/24 | 192.168.2.0/24 |
+-----------------+----------------+----------------+
| Encryption      | AES256         | AES256         |
+-----------------+----------------+----------------+
| Hashing         | SHA256         | SHA256         |
+-----------------+----------------+----------------+
| DH Group        | 14             | 14             |
+-----------------+----------------+----------------+
| IKE P1 Lifetime | 6000           | 6000           |
+-----------------+----------------+----------------+

Define IKE phase 1 policy
-------------------------

On R1 and R2::

    crypto isakmp policy 1
     ! Set encryption algorithm
     encr aes 256
     ! Set hash function
     hash sha256
     ! Set authentication method
     authentication pre-share
     ! Set Diffie-Hellman group
     group 14
     ! Set IKE SA lifetime (seconds)
     lifetime 6000

The pre-shared key is bound to the peer's WAN address, so each router names the other router's address.

On R1::

    crypto isakmp key password123 address 1.1.1.2

On R2::

    crypto isakmp key password123 address 1.1.1.1

Create ACL to define traffic to tunnel
--------------------------------------

The crypto ACL selects the traffic to be encrypted, so the ACL on each router must be the mirror image of the other's (source and destination swapped).

On R1::

    access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

On R2::

    access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

Define IPSec phase 2 transform set
----------------------------------

On R1 and R2::

    crypto ipsec transform-set P2SET esp-sha256-hmac esp-aes 256
     mode tunnel

Create the crypto map
---------------------

On R1::

    crypto map R1_CMAP 1 ipsec-isakmp
     match address 100
     set transform-set P2SET
     set peer 1.1.1.2

On R2::

    crypto map R2_CMAP 1 ipsec-isakmp
     match address 100
     set transform-set P2SET
     set peer 1.1.1.1

Assign the crypto map to interface
----------------------------------

The crypto map only takes effect once it is applied to the WAN-facing interface.

On R1::

    interface FastEthernet0/0
     crypto map R1_CMAP

On R2::

    interface FastEthernet0/0
     crypto map R2_CMAP
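Added here as a consistency check and not part of the original page: a small Python script that reads both routers' snippets above and reports whether the phase 1 policy, transform set, pre-shared key binding, crypto-map peers and crypto ACLs are mirrored correctly. The config text is constructed from the page's own lines, and the ``parse`` and ``check_pair`` names are assumptions.

```python
# Constructed from the page's snippets: shared phase 1/2 lines plus each router's own lines.
SHARED = """crypto isakmp policy 1
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 6000
crypto ipsec transform-set P2SET esp-sha256-hmac esp-aes 256
 mode tunnel
"""
R1 = SHARED + """crypto isakmp key password123 address 1.1.1.2
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
crypto map R1_CMAP 1 ipsec-isakmp
 set peer 1.1.1.2"""
R2 = SHARED + """crypto isakmp key password123 address 1.1.1.1
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto map R2_CMAP 1 ipsec-isakmp
 set peer 1.1.1.1"""
P1 = {"encr", "encryption", "hash", "authentication", "group", "lifetime"}

def parse(cfg):
    """Collect the tunnel-relevant settings from one router's IOS config text."""
    d = {"isakmp": {}, "keys": {}, "acl": set(), "peers": set(), "ts": None}
    for raw in cfg.splitlines():
        w = raw.split()
        if not w or w[0] == "!":
            continue
        if raw[:1].isspace() and w[0] in P1:     # sub-command of crypto isakmp policy
            d["isakmp"][w[0]] = " ".join(w[1:])
        elif w[:3] == ["crypto", "isakmp", "key"]:
            d["keys"][w[5]] = w[3]                # peer WAN address -> secret
        elif w[0] == "access-list":
            d["acl"].add(tuple(w[4:8]))           # src, wildcard, dst, wildcard
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            d["ts"] = frozenset(w[4:])            # transforms, order-insensitive
        elif w[:2] == ["set", "peer"]:
            d["peers"].add(w[2])
    return d

def check_pair(a, b, a_ip, b_ip):
    """Return mismatches between peers a and b (a_ip/b_ip are their WAN addresses)."""
    mirror = {(dst, dm, src, sm) for (src, sm, dst, dm) in b["acl"]}  # swap src/dst
    checks = [
        (a["isakmp"] == b["isakmp"], "IKE phase 1 policy differs"),
        (a["ts"] == b["ts"], "IPsec transform-set differs"),
        (a["keys"].get(b_ip) and a["keys"][b_ip] == b["keys"].get(a_ip),
         "pre-shared key missing or not bound to the peer's WAN address"),
        (b_ip in a["peers"] and a_ip in b["peers"], "'set peer' does not point at the other router"),
        (a["acl"] == mirror, "crypto ACLs are not mirror images of each other"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Calling ``check_pair(parse(R1), parse(R2), "1.1.1.1", "1.1.1.2")`` returns an empty list for the configuration above; passing R2's WAN address as ``2.2.2.2`` (as the scenario table lists it) instead of the ``1.1.1.2`` that the key and crypto map use reports both the key binding and the peer mismatch.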