December 2006
Intermediate to advanced
1188 pages
72h 8m
English
You want to create an encrypted VPN through the Internet by connecting the LAN interfaces of two routers using pre-shared keys.
In this example, we show how to use IPSec in tunnel mode to encrypt traffic between the LAN interfaces of two routers. Here is the configuration of the first router:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#encr aes 256
Router1(config-isakmp)#authentication pre-share
Router1(config-isakmp)#group 2
Router1(config-isakmp)#exit
Router1(config)#crypto isakmp key TUNNELKEY01 address 172.16.2.1 no-xauth
Router1(config)#crypto ipsec transform-set LAN2LAN-TRANSFORM ah-sha-hmac esp-aes 256
Router1(cfg-crypto-trans)#exit
Router1(config)#access-list 102 permit gre host 172.16.1.1 host 172.16.2.1
Router1(config)#crypto map LAN2LANMAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured.
Router1(config-crypto-map)#set peer 172.16.2.1
Router1(config-crypto-map)#set transform-set LAN2LAN-TRANSFORM
Router1(config-crypto-map)#match address 103
Router1(config-crypto-map)#exit
Router1(config)#access-list 103 permit ip 192.168.16.0 0.0.0.255 192.168.15.0 0.0.0.255
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 192.168.16.1 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface FastEthernet0/0 ...
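The NOTE printed by the router above says a crypto map entry stays disabled until it has a peer and a valid access list. The following is an added example, not part of the original recipe: a small Python check that reads a saved configuration and reports crypto map entries whose peer, transform set, or access list is missing or undefined. The function name audit_crypto_maps and the SAMPLE text (the commands above with prompts stripped) are assumptions made for the illustration.

```python
import re

# Constructed input: the session's commands with prompts stripped, sub-mode lines indented.
SAMPLE = """\
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key TUNNELKEY01 address 172.16.2.1 no-xauth
crypto ipsec transform-set LAN2LAN-TRANSFORM ah-sha-hmac esp-aes 256
access-list 102 permit gre host 172.16.1.1 host 172.16.2.1
crypto map LAN2LANMAP 10 ipsec-isakmp
 set peer 172.16.2.1
 set transform-set LAN2LAN-TRANSFORM
 match address 103
access-list 103 permit ip 192.168.16.0 0.0.0.255 192.168.15.0 0.0.0.255
"""

def audit_crypto_maps(config):
    """Return findings for crypto map entries with missing or dangling references."""
    keys, tsets, acls, entries, cur = set(), set(), set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            cur = None  # a top-level command ends any crypto map sub-mode
        if m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            keys.add(m.group(1))
        elif m := re.match(r"crypto ipsec transform-set (\S+)", line):
            tsets.add(m.group(1))
        elif m := re.match(r"access-list (\d+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"crypto map (\S+ \d+) ipsec-isakmp", line):
            cur = {"id": m.group(1), "peer": [], "transform-set": [], "address": []}
            entries.append(cur)
        elif cur and (m := re.match(r"(?:set|match) (peer|transform-set|address) (\S+)", line)):
            cur[m.group(1)].append(m.group(2))
    findings = []
    for e in entries:
        for field in ("peer", "transform-set", "address"):
            if not e[field]:
                findings.append(f"{e['id']}: no {field} configured")
        findings += [f"{e['id']}: no pre-shared key for peer {p}"
                     for p in e["peer"] if p not in keys]
        findings += [f"{e['id']}: transform-set {t} is not defined"
                     for t in e["transform-set"] if t not in tsets]
        findings += [f"{e['id']}: access-list {a} is not defined"
                     for a in e["address"] if a not in acls]
    return findings
```

Calling audit_crypto_maps(SAMPLE) returns an empty list for the configuration shown; a mistyped ACL number or peer address in the map or key statement shows up as a finding.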