by Ras
19. March 2012 20:21
Router A :
Ethernet ip address : 192.168.100.1
WAN ip address : 10.10.10.1
———————————————–
Router B :
Ethernet ip address : 192.168.200.1
WAN ip address : 10.10.20.1
———————————————–
Router A config :
! Phase 1 (ISAKMP) policy: 3DES, pre-shared key, DH group 2
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! Pre-shared key for the peer; must be identical on both routers
crypto isakmp key 0 123 address 10.10.20.1
!
!
! Phase 2 transform set: ESP with 3DES and SHA-1 HMAC
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN_CMAP_1 1 ipsec-isakmp
 description Tunnel to 10.10.20.1
 set peer 10.10.20.1
 set transform-set ESP-3DES-SHA
 match address 100
!
interface FastEthernet0/0
 ip address 192.168.100.1 255.255.255.0
 speed auto
!
interface Serial0/0
 ip address 10.10.10.1 255.255.255.0
 crypto map VPN_CMAP_1
!
! Traffic to encrypt: local LAN to remote LAN
access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
Router B config :
! Phase 1 (ISAKMP) policy: same parameters as Router A
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! Same pre-shared key, bound to Router A's WAN address
crypto isakmp key 0 123 address 10.10.10.1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN_CMAP_1 1 ipsec-isakmp
 description Tunnel to 10.10.10.1
 set peer 10.10.10.1
 set transform-set ESP-3DES-SHA
 match address 100
!
interface FastEthernet0/0
 ip address 192.168.200.1 255.255.255.0
 speed auto
!
interface Serial0/0
 ip address 10.10.20.1 255.255.255.0
 crypto map VPN_CMAP_1
!
! Mirror image of Router A's access-list 100
access-list 100 permit ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255
Note :
If you use NAT, you need to exempt the VPN traffic from it: in the NAT access list, deny traffic from the local subnet to the remote subnet before permitting everything else (shown here for Router A) :
access-list 101 deny ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
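
The two configs above only work as a pair: the key, ISAKMP policy and transform set must match, each peer address must be the other router's WAN address, and the two access-list 100 entries must mirror each other. The Python check below is an added example, not part of the original post; the names sample, parse and check_pair are hypothetical, the configs it reads are constructed from the page's values, and it assumes sub-commands are indented by one space as IOS prints them.

```python
import re

def sample(wan, peer, local, remote, key="123"):
    """Constructed config for one end, following the page's layout."""
    return f"""crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 0 {key} address {peer}
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map VPN_CMAP_1 1 ipsec-isakmp
 set peer {peer}
 match address 100
interface Serial0/0
 ip address {wan} 255.255.255.0
 crypto map VPN_CMAP_1
access-list 100 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
"""

def parse(cfg):
    """Extract the settings the two tunnel ends must agree on."""
    one = lambda pat: re.search(pat, cfg, re.M).groups()
    acl_id = one(r"^ match address (\d+)")[0]
    return {
        "key": one(r"^crypto isakmp key \d+ (\S+) address")[0],
        "key_peer": one(r"^crypto isakmp key \d+ \S+ address (\S+)")[0],
        "peer": one(r"^ set peer (\S+)")[0],
        # WAN address = ip address of the interface carrying the crypto map
        "wan": one(r"^interface \S+\n(?: .*\n)*? ip address (\S+) .*\n(?: .*\n)*? crypto map")[0],
        "policy": one(r"^crypto isakmp policy \d+\n encr (\S+)\n authentication (\S+)\n group (\S+)"),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$")[0],
        "acl": one(rf"^access-list {acl_id} permit ip (\S+ \S+) (\S+ \S+)"),
    }

def check_pair(cfg_a, cfg_b):
    """Return the mismatches between the two ends (empty list = consistent)."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{n} differs" for n in ("key", "policy", "transform") if a[n] != b[n]]
    for me, other, tag in ((a, b, "A"), (b, a, "B")):
        if me["peer"] != other["wan"] or me["key_peer"] != other["wan"]:
            problems.append(f"router {tag} peer/key address is not the other end's WAN address")
    if a["acl"] != b["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    return problems

ROUTER_A = sample("10.10.10.1", "10.10.20.1", "192.168.100.0", "192.168.200.0")
ROUTER_B = sample("10.10.20.1", "10.10.10.1", "192.168.200.0", "192.168.100.0")
```

check_pair(ROUTER_A, ROUTER_B) returns an empty list for the page's values; the messages name the mismatched setting without echoing the key itself.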