We will create a VPN tunnel connecting SiteA to SiteB over the Internet.
Requirements:
•An Internet connection at each site.
•2 Cisco routers, each with 1 LAN interface (Ethernet) and 1 WAN interface (Serial).
•An IOS image with IPSec support.
•An IP address plan for each site's network, e.g. SiteA 192.168.1.0/24 and SiteB 192.168.2.0/24.
•A public IP address for each site, assigned by your ISP, e.g. SiteA 10.10.10.1 and SiteB 11.11.11.1.
SITE A
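hostname RouterA
!
! "enable password" is stored in clear text; "enable secret" stores a hash instead.
! Replace 123 with a strong password here and on the console and vty lines.
enable password 123
!
crypto isakmp enable
crypto isakmp identity address
!
! IKE phase 1 policy; RouterB needs a matching policy.
! DES, MD5 and DH group 1 are obsolete. Where the IOS image supports them,
! prefer AES, SHA and group 14 or higher, here and in the transform set.
crypto isakmp policy 1
 encryption des
 hash md5
 authentication pre-share
 group 1
 lifetime 86400
! Pre-shared key for the peer at SiteB; must be the same string on both routers.
crypto isakmp key secretkey address 11.11.11.1
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
crypto map cm-cryptomap local-address Serial 0
!
crypto map cm-cryptomap 1 ipsec-isakmp
 match address 100
 set peer 11.11.11.1
 set transform-set cm-transformset-1
 set security-association lifetime seconds 3600
 set security-association lifetime kilobytes 4608000
!
interface FastEthernet 0
 description connected to EthernetLAN
 ip address 192.168.1.1 255.255.255.0
!
interface Serial 0
 description connected to Internet
 crypto map cm-cryptomap
 ip address 10.10.10.1 255.255.255.252
!
! Crypto ACL: traffic from the SiteA LAN to the SiteB LAN is encrypted.
! RouterB's access-list 100 must be the mirror image of this entry.
no access-list 100
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
! exec-timeout 0 0 disables the idle timeout on the console.
line console 0
 exec-timeout 0 0
 password 123
 login
!
line vty 0 4
 password 123
 login
!
end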
===
SITE B
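hostname RouterB
!
! "enable password" is stored in clear text; "enable secret" stores a hash instead.
! Replace 123 with a strong password here and on the console and vty lines.
enable password 123
!
crypto isakmp enable
crypto isakmp identity address
!
! IKE phase 1 policy; must match the policy on RouterA.
! DES, MD5 and DH group 1 are obsolete. Where the IOS image supports them,
! prefer AES, SHA and group 14 or higher, here and in the transform set.
crypto isakmp policy 1
 encryption des
 hash md5
 authentication pre-share
 group 1
 lifetime 86400
! Pre-shared key for the peer at SiteA; must be the same string on both routers.
crypto isakmp key secretkey address 10.10.10.1
!
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
crypto map cm-cryptomap local-address Serial 0
!
crypto map cm-cryptomap 1 ipsec-isakmp
 match address 100
 set peer 10.10.10.1
 set transform-set cm-transformset-1
 set security-association lifetime seconds 3600
 set security-association lifetime kilobytes 4608000
!
interface FastEthernet 0
 description connected to EthernetLAN_1
 ip address 192.168.2.1 255.255.255.0
!
interface Serial 0
 description connected to Internet
 crypto map cm-cryptomap
 ip address 11.11.11.1 255.255.255.252
!
! Crypto ACL: traffic from the SiteB LAN to the SiteA LAN is encrypted.
! This entry is the mirror image of RouterA's access-list 100.
no access-list 100
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 Serial 0
!
! exec-timeout 0 0 disables the idle timeout on the console.
line console 0
 exec-timeout 0 0
 password 123
 login
!
line vty 0 4
 password 123
 login
!
end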
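
The two configurations only work as a pair: each router's peer and key address must be the other router's Serial 0 address, the ISAKMP policy, key and transform set must match, and the two access-list 100 entries must mirror each other. The Python check below is an added example, not part of the original page; it verifies this on a trimmed copy of the configurations above and lists the obsolete algorithms they use. TEMPLATE, parse, check_pair and weak_settings are names chosen for this example.

```python
import re
# Added example: trimmed copy of the page's RouterA/RouterB crypto lines (only addresses differ).
TEMPLATE = """crypto isakmp policy 1
 encryption des
 hash md5
 group 1
crypto isakmp key secretkey address {peer}
crypto ipsec transform-set cm-transformset-1 ah-md5-hmac esp-des esp-md5-hmac
crypto map cm-cryptomap 1 ipsec-isakmp
 set peer {peer}
interface Serial 0
 crypto map cm-cryptomap
 ip address {wan} 255.255.255.252
access-list 100 permit ip {lan} 0.0.0.255 {remote} 0.0.0.255"""
SITE_A = TEMPLATE.format(wan="10.10.10.1", peer="11.11.11.1", lan="192.168.1.0", remote="192.168.2.0")
SITE_B = TEMPLATE.format(wan="11.11.11.1", peer="10.10.10.1", lan="192.168.2.0", remote="192.168.1.0")

def parse(cfg):
    """Extract the fields that the two tunnel endpoints must agree on."""
    def one(pattern):
        return m.group(1).strip() if (m := re.search(pattern, cfg, re.M)) else None
    return {
        "policy": tuple(one(rf"^\s*({k} .+)$") for k in ("encryption", "hash", "group")),
        "psk": one(r"^crypto isakmp key (\S+) address"),
        "psk_peer": one(r"^crypto isakmp key \S+ address (\S+)"),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "peer": one(r"^\s*set peer (\S+)"),
        "wan": one(r"^interface Serial 0\n(?:(?!interface ).*\n)*?\s*ip address (\S+)"),
        "acl": one(r"^access-list 100 permit ip (.+)$"),
    }

def check_pair(cfg_a, cfg_b):
    """Return the mismatches that would keep the tunnel from coming up."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{f} differs between sites" for f in ("policy", "psk", "transform") if a[f] != b[f]]
    for name, x, y in (("A", a, b), ("B", b, a)):
        if not (x["peer"] == x["psk_peer"] == y["wan"]):
            problems.append(f"site {name}: peer/key address is not the other site's WAN address")
    # Crypto ACLs must mirror each other: A's source network is B's destination.
    acl_a, acl_b = (a["acl"] or "").split(), (b["acl"] or "").split()
    if len(acl_a) != 4 or acl_b != acl_a[2:] + acl_a[:2]:
        problems.append("crypto ACLs are not mirror images")
    return problems

def weak_settings(cfg):
    """List the obsolete algorithms in use: single DES, MD5, DH group 1."""
    p = parse(cfg)
    items = [*p["policy"], *(p["transform"] or "").split()]
    return [i for i in items if i and re.search(r"\bdes\b|\bmd5\b|^group 1$", i)]
```

To check real files, pass the text of each router's saved configuration to check_pair and weak_settings in place of SITE_A and SITE_B.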