VPN

Site-to-Site IPsec VPN

Cisco IOS commands:

 ! IKE Phase 1 - negotiates the gateway-to-gateway ISAKMP control tunnel used for key exchange and for negotiating phase 2; runs over UDP port 500 (UDP 4500 when NAT traversal is in use)
 config# crypto isakmp policy <number>                    ! lower number = higher priority
 config-isakmp# authentication pre-share
 config-isakmp# encr <enc_algo> <bits>
 config-isakmp# hash <hashing_algo>
 config-isakmp# group <DH_group>
 config-isakmp# lifetime <sec>
 config-isakmp# exit
 config# crypto isakmp key <pre-shared-key> address <peer_ip>
 ! IKE Phase 2 - negotiates the IPsec data tunnel (the IPsec SAs) for the end nodes' traffic: AH is IP protocol 51, ESP is IP protocol 50
 config# crypto ipsec transform-set <name> <transforms>   ! e.g. esp-aes 256 esp-sha256-hmac
 config-crypto-trans# mode tunnel
 config-crypto-trans# exit
 ! What traffic to secure (the "crypto ACL"; the peer's ACL must mirror it)
 config# access-list <ext_acl> permit ip <src> <src_wildcard_mask> <dst> <dst_wildcard_mask>
 ! How to secure it
 config# crypto map <map_name> <num> ipsec-isakmp
 config-crypto-map# match address <ext_acl>
 config-crypto-map# set transform-set <name>
 config-crypto-map# set peer <peer_ip>
 config-crypto-map# set pfs <pfs>                         ! e.g. group14
 config-crypto-map# exit
 ! Apply the crypto map to the outside interface (one crypto map per interface)
 config# interface <if_name>
 config-if# crypto map <map_name>
 config-if# end
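As an added example (not part of the original notes), a small Python audit that walks the isakmp policy, transform-set and crypto map stanzas shown above and flags phase 1 settings that are weak today (DES/3DES, MD5/SHA-1, DH groups 1/2/5, an overlong lifetime), weak transforms, and crypto map entries without set pfs. The "weak" sets and SAMPLE_CONFIG are constructed assumptions of this example, not an official Cisco list.

```python
# Added example, not from the original notes: flags weak IKE phase 1 / phase 2
# settings in a Cisco IOS site-to-site config. Weak sets and SAMPLE_CONFIG are constructed.
WEAK = {"encr": {"des", "3des"}, "encryption": {"des", "3des"},
        "hash": {"md5", "sha"}, "group": {"1", "2", "5"}}   # IOS 'sha' = SHA-1
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-null",
                   "esp-md5-hmac", "ah-md5-hmac", "esp-sha-hmac"}
MAX_LIFETIME = 86400                     # seconds, the IOS phase 1 default
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encr 3des
 hash md5
 group 2
 lifetime 86400
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
crypto map VPNMAP 10 ipsec-isakmp
 match address 100
 set transform-set TS
 set peer 203.0.113.2
"""

def audit(config):
    """Return a list of finding strings (empty when nothing is flagged)."""
    findings, ctx, name, maps = [], None, None, {}
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        val = w[1] if len(w) > 1 else ""
        if not line.startswith(" "):     # top-level command opens a new stanza
            ctx = None
            if w[:3] == ["crypto", "isakmp", "policy"]:
                ctx, name = "isakmp", w[3]
            elif w[:3] == ["crypto", "ipsec", "transform-set"]:
                findings += [f"transform-set {w[3]}: weak transform {t}"
                             for t in w[4:] if t in WEAK_TRANSFORMS]
            elif w[:2] == ["crypto", "map"] and w[-1] == "ipsec-isakmp":
                ctx, name = "map", w[2]
                maps.setdefault(name, False)  # no 'set pfs' seen yet
        elif ctx == "isakmp":            # phase 1 policy sub-commands
            if val in WEAK.get(w[0], ()):
                findings.append(f"isakmp policy {name}: weak {w[0]} {val}")
            elif w[0] == "lifetime" and int(val) > MAX_LIFETIME:
                findings.append(f"isakmp policy {name}: lifetime {val}s too long")
        elif ctx == "map" and w[:2] == ["set", "pfs"]:
            maps[name] = True            # PFS enabled for this map entry
    findings += [f"crypto map {m}: no 'set pfs', PFS disabled"
                 for m, ok in maps.items() if not ok]
    return findings
```

Run audit() over the output of show running-config | section crypto to check a live router's configuration the same way.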