Creating an Encrypted VPN Between the LAN Interfaces of Two Routers

Problem

You want to create an encrypted VPN through the Internet by connecting the LAN interfaces of two routers using pre-shared keys.

Solution

In this example, we show how to use IPSec in tunnel mode to encrypt traffic between the LAN interfaces of two routers. Here is the configuration of the first router:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#encr aes 256
Router1(config-isakmp)#authentication pre-share
Router1(config-isakmp)#group 2
Router1(config-isakmp)#exit
Router1(config)#crypto isakmp key TUNNELKEY01 address 172.16.2.1 no-xauth
Router1(config)#crypto ipsec transform-set LAN2LAN-TRANSFORM ah-sha-hmac esp-aes 256 
Router1(cfg-crypto-trans)#exit
Router1(config)#access-list 102 permit gre host 172.16.1.1 host 172.16.2.1
Router1(config)#crypto map LAN2LANMAP 10 ipsec-isakmp 
% NOTE: This new crypto map will remain disabled until a peer
    and a valid access list have been configured.
Router1(config-crypto-map)#set peer 172.16.2.1
Router1(config-crypto-map)#set transform-set LAN2LAN-TRANSFORM 
Router1(config-crypto-map)#match address 103
Router1(config-crypto-map)#exit
Router1(config)#access-list 103 permit ip 192.168.16.0 0.0.0.255 192.168.15.0 0.0.0.255
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 192.168.16.1 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface FastEthernet0/0 ...

Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Cisco IOS Cookbook, 2nd Edition by Kevin Dooley, Ian Brown

Creating an Encrypted VPN Between the LAN Interfaces of Two Routers

Problem

Solution

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly