Cisco Router Site to Site IPSEC VPN

These are my Cisco router site-to-site IPSEC tunnel setups.

Router1 (90.215.78.91):

Setup IPSEC

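!
! Phase 1 (ISAKMP) policy and pre-shared key for the remote peer
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key c1sc0 address 81.136.245.108
!
! Phase 2 transform set
crypto ipsec transform-set secretkey esp-des esp-md5-hmac
!
! Crypto map: peer, transform set and the ACL that selects traffic to encrypt
crypto map mymap 10 ipsec-isakmp
 set peer 81.136.245.108
 set transform-set secretkey
 match address 101
!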

Setup Route

ip route 192.168.2.0 255.255.255.0 Dialer0

Set up the access lists. Remember to add the deny rule for traffic from the local subnet to the remote subnet in your NAT access list; if you do not, the traffic is NATed and your routing will not work.

ip nat inside source list 100 interface Dialer0 overload

access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
!

Router2 (81.136.245.108):

Setup IPSEC

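!
! Phase 1 (ISAKMP) policy and pre-shared key for the remote peer
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key c1sc0 address 90.215.78.91
!
! Phase 2 transform set
crypto ipsec transform-set secretkey esp-des esp-md5-hmac
!
! Crypto map: peer, transform set and the ACL that selects traffic to encrypt
crypto map mymap 10 ipsec-isakmp
 set peer 90.215.78.91
 set transform-set secretkey
 match address 101
!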

Setup Route

ip route 192.168.1.0 255.255.255.0 Dialer0

Setup Access lists

ip nat inside source list 100 interface Dialer0 overload

access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
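
The NAT deny rule described above can be checked mechanically. This Python sketch is an added example, not part of the original post: it reads Router1's lines (pre-shared key line omitted), reports any flow permitted by the crypto ACL that the NAT ACL would translate, and lists the DES and MD5 settings, which are deprecated algorithms. The function names are hypothetical, and networks are compared as exact strings rather than by wildcard mask.

```python
import re

# Router1 lines copied from the post (pre-shared key line omitted).
ROUTER1 = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto ipsec transform-set secretkey esp-des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 81.136.245.108
 set transform-set secretkey
 match address 101
ip nat inside source list 100 interface Dialer0 overload
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""

ACL_RE = re.compile(
    r"^\s*access-list (\d+) (permit|deny) ip (\S+ \S+) (any|\S+ \S+)\s*$", re.M)
# Tokens from the post that select DES or MD5; both are deprecated algorithms.
WEAK_RE = re.compile(r"(?<!\S)(esp-des|esp-md5-hmac|hash md5)(?!\S)")

def acl_entries(config, number):
    """Ordered (action, source, destination) tuples of one numbered ACL."""
    return [m.group(2, 3, 4) for m in ACL_RE.finditer(config) if m[1] == number]

def nat_decision(nat_acl, src, dst):
    """First-match result for a flow: 'deny' (exempt), 'permit' (NATed) or None.
    Simplification: networks are compared as exact strings, not by wildcard."""
    for action, a_src, a_dst in nat_acl:
        if a_src == src and a_dst in (dst, "any"):
            return action
    return None

def audit(config):
    """Return a list of findings for one router's configuration text."""
    findings = ["weak algorithm: " + t for t in WEAK_RE.findall(config)]
    nat = re.search(r"^\s*ip nat inside source list (\d+) ", config, re.M)
    nat_acl = acl_entries(config, nat[1]) if nat else []
    for number in re.findall(r"^\s*match address (\d+)", config, re.M):
        for action, src, dst in acl_entries(config, number):
            if action == "permit" and nat_decision(nat_acl, src, dst) == "permit":
                findings.append(f"ACL {number} flow {src} -> {dst} is NATed")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ROUTER1)))
```

Because ACLs are evaluated first-match, the check also flags a configuration where the deny line exists but sits below the `permit ... any` line.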

 

 

 
