Configure Site to Site VPNs in Cisco 2911's


Quick presentation on the steps to build out a mesh site to site network using a cisco 2911

Published in: Education, Technology
  • Transcript of "Configure Site to Site VPNs in Cisco 2911's"

    1. CIS 264, Dan Morrill, Highline Community College
    2.
        • A static IP address on the EXTERNAL interface of your router
        • Needs to be in the 192.168.203.X range for this class (all examples will use this IP range)
        • Cisco 2911
        • Access to the router as exec
        • Patience
        • Remember to check your work before you commit the changes
        • Remember write mem
        • A backup of your router configuration before doing this
        • Just in case bad things happen to good people
    3.
        • http://www.routergeek.net/general/how-to-configure-site-to-site-vpn-in-cisco-routers/ provides a good step-by-step in case you need it
        • http://samcaldwell.net/index.php/technical-articles/3-how-to-articles/83-cisco-vpn-part-i provides good background support for setting up a site to site VPN in a Cisco router
        • http://www.fredshack.com/docs/vpnios.html somewhat convoluted but workable – use as a backup resource in case something goes wrong
    4.
        • Create an IKE (Internet Key Exchange) policy for your router
            1. Router(config)#crypto isakmp policy 9
            2. Router(config-isakmp)#hash md5
            3. Router(config-isakmp)#authentication pre-share
    5.
        • Router(config)#crypto isakmp key VPNKEY address 192.168.203.25
        • Where VPNKEY is the shared key that you will use for the VPN, and remember to set the same key on the other end
        • VPNKEY = keyR7ToR5 to help with the naming convention
        • 192.168.203.25 is the static public IP address of the other end
    6.
        • Router(config)#crypto ipsec security-association lifetime seconds YYYYY
        • where YYYYY is the association's lifetime in seconds. It is usually set to 86400, which is one day.
    7.
        • Router(config)#access-list AAA permit ip SSS.SSS.SSS.SSS WIL.DCA.RDM.ASK DDD.DDD.DDD.DDD WIL.DCA.RDM.ASK
        • access-list AAA permit ip 192.168.203.25 0.0.0.255 192.168.203.26 0.0.0.255
        • Where 203.26 is the Active Directory server or other computer on the network that will pass data back and forth between racks in the VPN
        • Where WIL.DCA.RDM.ASK = wildcard mask of the network, the reverse subnet for a flat "C" network
    8.
        • Define the transformations set that will be used for the VPN connection
        • Router(config)#crypto ipsec transform-set SETNAME AAAA BBBB
        • Where SETNAME is the name of the transformations set. You can choose any name you like. Naming is important to keep track of the transforms
        • AAAA and BBBB are the transforms in the set. I recommend the use of "esp-3des esp-md5-hmac".
    9.
        • Router(config)#crypto map MAPNAME PRIORITY ipsec-isakmp
        • Router(config-crypto-map)#set peer 192.168.203.25
        • Router(config-crypto-map)#set transform-set SETNAME
        • Router(config-crypto-map)#match address AAA
        • Where MAPNAME is a name of your choice for the crypto-map
        • PRIORITY is the priority of this map over other maps to the same destination. If this is your only crypto-map give it any number, for example 10.
        • 192.168.203.25 is the static public IP address of the other end
        • SETNAME is the name of the transformations set that we configured in step 5
        • AAA is the number of the access-list that we created to define the traffic in step 4
    10.
        • Router(config-if)#crypto map MAPNAME
        • where MAPNAME is the name of the crypto-map that we defined in step 6.
        • Now, repeat these steps on the other end, and remember to use the same key along with the same authentication and transform set.
    11.
        • Repeat steps 2, 4, 5, 6, 7 for each VPN you want to set up
        • for each connection point R3, R4, R5, R6, R7; in all you will have 5 VPN connections in your router configuration
        • Remember to skip step 3
        • This is step 3; it is a global configuration that will work on all VPNs connected to the router
        • Router(config)#crypto ipsec security-association lifetime seconds YYYYY
    12.
        • show crypto isakmp sa
        • show crypto ipsec sa
        • show crypto engine connections active
        • and show crypto map
        • All those should show what you entered
        • Then write mem
        • Then do a show run to see if everything took after write mem
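
The "check your work" step on the last slide can also be done offline against a saved show run. The script below is an added example, not part of the original slides: it checks that every crypto map entry points at a peer with a pre-shared key, a defined transform set and a defined access-list, that the map is applied to an interface, and it flags the MD5 and 3DES settings, which are legacy algorithms. The map name MESH, the set names, ACL numbers, the interface name and the 192.168.203.23 peer are constructed sample values.

```python
import re
WEAK = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}  # legacy transforms

# Constructed excerpt: entry 10 follows the seven steps, entry 20 is half-configured.
SAMPLE = """\
crypto isakmp policy 9
 hash md5
 authentication pre-share
crypto isakmp key keyR7ToR5 address 192.168.203.25
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set R7R5SET esp-3des esp-md5-hmac
crypto map MESH 10 ipsec-isakmp
 set peer 192.168.203.25
 set transform-set R7R5SET
 match address 101
crypto map MESH 20 ipsec-isakmp
 set peer 192.168.203.23
 set transform-set R7R3SET
 match address 103
interface GigabitEthernet0/0
 crypto map MESH
access-list 101 permit ip 192.168.203.25 0.0.0.255 192.168.203.26 0.0.0.255
"""

def audit(config):
    """Return findings for weak algorithms and dangling crypto map references."""
    found = []
    keyed = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    tsets = dict(re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M))
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    applied = set(re.findall(r"^ crypto map (\S+)$", config, re.M))
    policies = re.findall(r"^crypto isakmp policy (\d+)\n((?: .*\n)*)", config, re.M)
    found += [f"isakmp policy {n}: hash md5" for n, b in policies if " hash md5\n" in b]
    for name, transforms in tsets.items():
        found += [f"transform-set {name}: {t}" for t in transforms.split() if t in WEAK]
    entries = re.findall(r"^crypto map (\S+) (\d+) ipsec-isakmp\n((?: .*\n)*)", config, re.M)
    for name, prio, body in entries:
        ref = dict(re.findall(r"^ (set peer|set transform-set|match address) (\S+)", body, re.M))
        tag = f"crypto map {name} {prio}"
        for cmd, defined, what in (("set peer", keyed, "isakmp key for peer"),
                                   ("set transform-set", tsets, "transform-set"),
                                   ("match address", acls, "access-list")):
            if ref.get(cmd) not in defined:
                found.append(f"{tag}: no {what} {ref.get(cmd)}")
        if name not in applied:
            found.append(f"{tag}: not applied to any interface")
    return found

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample, entry 10 passes the reference checks while entry 20 is reported three times, which is the typical result of skipping one of steps 2, 4 or 5 for a peer in the mesh.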