Lab-#40: How to configure Site to Site IPsec VPN on Cisco Router
#VPN
#Site-to-Site
#cisco
#ipsecvpn
--------------------------------------------------------------------------
Step 1: Configure the HQ router
access-list 100 permit ip 172.16.10.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 100 permit ip 172.16.10.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto isakmp policy 10
encr aes
authentication pre-share
hash sha
lifetime 3600
group 2
crypto isakmp key Sysadmin@123 address 45.8.5.6 255.255.255.252
crypto isakmp key Sysadmin@123 address 108.45.11.6 255.255.255.252
crypto ipsec transform-set HQ_TS esp-aes esp-sha-hmac
exit
crypto ipsec security-association lifetime seconds 1800
crypto map HQ_MAP 10 ipsec-isakmp
set peer 45.8.5.6
set transform-set HQ_TS
match address 100
crypto map HQ_MAP 20 ipsec-isakmp
set peer 108.45.11.6
set transform-set HQ_TS
match address 100
interface g0/0
crypto map HQ_MAP
--------------------------
Step 2: Configure the Site-1 router
access-list 100 permit ip 10.10.10.0 0.0.0.255 172.16.10.0 0.0.0.255
crypto isakmp policy 10
encr aes
authentication pre-share
hash sha
lifetime 3600
group 2
crypto isakmp key Sysadmin@123 address 15.5.5.6
crypto ipsec transform-set SITE1_TS esp-aes esp-sha-hmac
exit
crypto ipsec security-association lifetime seconds 1800
crypto map SITE1_MAP 10 ipsec-isakmp
set peer 15.5.5.6
set transform-set SITE1_TS
match address 100
interface g0/0
crypto map SITE1_MAP
-----------------------------------
Step 3: Configure the Site-2 router
access-list 100 permit ip 192.168.1.0 0.0.0.255 172.16.10.0 0.0.0.255
crypto isakmp policy 10
encr aes
authentication pre-share
hash sha
lifetime 3600
group 2
crypto isakmp key Sysadmin@123 address 15.5.5.6
crypto ipsec transform-set SITE2_TS esp-aes esp-sha-hmac
exit
crypto ipsec security-association lifetime seconds 1800
crypto map SITE2_MAP 10 ipsec-isakmp
set peer 15.5.5.6
set transform-set SITE2_TS
match address 100
interface g0/0
crypto map SITE2_MAP
