IPSEC VPN Site to Site


Site-to-site IPsec VPN tunnels are logical tunnels that allow the secure and reliable transmission of data, voice and video between two sites or locations, e.g. offices or branches. The VPN tunnel is created over a public network and encrypted using a number of advanced encryption algorithms to provide confidentiality for the data transmitted between the two branches.

Fig 1: IPSEC VPN Site to Site

Site 1


ISAKMP Phase 1:

Networkeducative-R1(config)# crypto isakmp policy 1

Networkeducative-R1(config-isakmp)# encr 3des

Networkeducative-R1(config-isakmp)# hash md5

Networkeducative-R1(config-isakmp)# authentication pre-share

Networkeducative-R1(config-isakmp)# group 2

Networkeducative-R1(config-isakmp)# lifetime 86400

Set the pre-shared key for authentication

Networkeducative-R1(config)# crypto isakmp key networkeducative address 1.1.1.2

ISAKMP Phase 2:

Set the extended access list

Networkeducative-R1(config)# ip access-list extended VPN-TRAFFIC

Networkeducative-R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255

Set the transform set

Networkeducative-R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac

Create Crypto MAP

Networkeducative-R1(config)# crypto map CMAP 10 ipsec-isakmp

Networkeducative-R1(config-crypto-map)# set peer 1.1.1.2

Set transform set in crypto MAP

Networkeducative-R1(config-crypto-map)# set transform-set TS

Networkeducative-R1(config-crypto-map)# match address VPN-TRAFFIC

Bind the crypto map on the interface which has the public IP

Networkeducative-R1(config)# interface FastEthernet0/1

Networkeducative-R1(config-if)# crypto map CMAP

Site 2

ISAKMP Phase 1:

Networkeducative-R2(config)# crypto isakmp policy 1

Networkeducative-R2(config-isakmp)# encr 3des

Networkeducative-R2(config-isakmp)# hash md5

Networkeducative-R2(config-isakmp)# authentication pre-share

Networkeducative-R2(config-isakmp)# group 2

Networkeducative-R2(config-isakmp)# lifetime 86400

Set the pre-shared key for authentication

Networkeducative-R2(config)# crypto isakmp key networkeducative address 1.1.1.1

ISAKMP Phase 2:

Set the extended access list

Networkeducative-R2(config)# ip access-list extended VPN-TRAFFIC

Networkeducative-R2(config-ext-nacl)# permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255

Set the transform set

Networkeducative-R2(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac

Create Crypto MAP

Networkeducative-R2(config)# crypto map CMAP 10 ipsec-isakmp

Networkeducative-R2(config-crypto-map)# set peer 1.1.1.1

Set transform set in crypto MAP

Networkeducative-R2(config-crypto-map)# set transform-set TS

Networkeducative-R2(config-crypto-map)# match address VPN-TRAFFIC

Bind the crypto map on the interface which has the public IP

Networkeducative-R2(config)# interface FastEthernet0/1

Networkeducative-R2(config-if)# crypto map CMAP
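
A consistency check for the two configurations above, as an added example that is not part of the original page: it parses the settings both routers must agree on (Phase 1 policy, pre-shared key, transform set, mirrored crypto ACL) and also reports algorithms that this example assumes to be legacy (DES, 3DES, MD5, DH groups 1, 2 and 5). The names `parse` and `audit` and the `site1`/`site2` labels are chosen for this example.

```python
import re

# Site 1 settings from the page, as they would appear in a running config.
R1 = """crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key networkeducative address 1.1.1.2
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 1.1.1.2"""
# Site 2 differs only in the peer address and the reversed ACL.
R2 = R1.replace("1.1.1.2", "1.1.1.1").replace(
    "10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255",
    "20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255")
# Assumption of this example: algorithms and DH groups treated as legacy.
LEGACY = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}
LEGACY_DH = {"1", "2", "5"}

def parse(cfg):
    """Pull out the settings the two peers have to agree on."""
    one = lambda p: m.groups() if (m := re.search(p, cfg, re.M)) else ()
    return {
        "phase1": [one(rf"^\s*{k}\s+(\S+)") for k in (r"encr\S*", "hash", "authentication", "group")],
        "key": one(r"^crypto isakmp key (\S+) address (\S+)"),
        "acl": one(r"^\s*permit ip (\S+ \S+) (\S+ \S+)"),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "peer": one(r"^\s*set peer (\S+)"),
    }

def audit(cfg_a, cfg_b):
    """Return findings: mismatches between the peers and legacy algorithms."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f"{k} differs between peers" for k in ("phase1", "transform") if a[k] != b[k]]
    if not a["key"] or a["key"][:1] != b["key"][:1]:
        out.append("pre-shared key differs between peers")
    if not a["acl"] or a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    for name, s in (("site1", a), ("site2", b)):
        if s["key"][1:] != s["peer"]:
            out.append(f"{name}: key address is not the crypto map peer")
        algos = {w for v in s["phase1"][:2] for w in v} | set(" ".join(s["transform"]).split())
        out += [f"{name}: legacy algorithm {x}" for x in sorted(algos & LEGACY)]
        out += [f"{name}: legacy DH group {g}" for g in s["phase1"][3] if g in LEGACY_DH]
    return out
```

Run against the page's two configurations, `audit(R1, R2)` finds the peers in agreement and returns only legacy-algorithm findings for 3DES, MD5 and DH group 2 on each side.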
