
We are going to configure the whole diagram: first we will assign all IP addresses to the routers, and then we will configure the VPN.
================================
For PK Router:
================================
Router Name: PK
LIVE IP: 202.12.11.157
Router F0/0 IP: 192.168.0.1
Crypto ISAKMP Key: Cisco
===================================
For US Router:
===================================
Router Name: US
LIVE IP: 166.157.12.30
Router F0/0 IP: 192.168.1.1
Crypto ISAKMP Key: Cisco
Login To Router PK:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname PK
PK(config)#line console 0
PK(config-line)#logging synchronous
PK(config-line)#exit
PK(config)#interface s0/0
PK(config-if)#ip address 202.12.11.157 255.255.255.0
PK(config-if)#no sh
PK(config-if)#keepalive
PK(config-if)#
01:20:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
PK(config-if)#^Z
PK#
01:21:00: %SYS-5-CONFIG_I: Configured from console by console
PK#show controllers s0/0
Interface Serial0/0
Hardware is PowerQUICC MPC860
DCE V.35, no clock -----> so we need to set a clock rate on S0/0
idb at 0x81F722C4, driver data structure at 0x81F7A6C0
SCC Registers:
General [GSMR]=0x2:0x00000030, Protocol-specific [PSMR]=0x8
Events [SCCE]=0x0000, Mask [SCCM]=0x001F, Status [SCCS]=0x00
Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
Interrupt Registers:
PK#
PK(config)#no ip domain-lookup
PK(config)#interface f0/0
PK(config-if)#ip address 192.168.0.1 255.255.255.0
PK(config-if)#no shut
PK(config-if)#
01:24:40: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
PK(config-if)#
01:24:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
PK(config-if)#exit
PK(config)#ip route 192.168.1.0 255.255.255.0 166.157.12.30
PK(config)#exit
PK#
01:25:51: %SYS-5-CONFIG_I: Configured from console by console
PK#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PK(config)#crypto isakmp policy 10
PK(config-isakmp)#?
ISAKMP commands:
authentication Set authentication method for protection suite
default Set a command to its defaults
encryption Set encryption algorithm for protection suite
exit Exit from ISAKMP protection suite configuration mode
group Set the Diffie-Hellman group
hash Set hash algorithm for protection suite
lifetime Set lifetime for ISAKMP security association
no Negate a command or set its defaults
PK(config-isakmp)#authentication ?
pre-share Pre-Shared Key
rsa-encr Rivest-Shamir-Adleman Encryption
rsa-sig Rivest-Shamir-Adleman Signature
PK(config-isakmp)#authentication pre-share
PK(config-isakmp)#encryption des
PK(config-isakmp)#group 2
PK(config-isakmp)#hash ?
md5 Message Digest 5
sha Secure Hash Standard
PK(config-isakmp)#hash md5
PK(config-isakmp)#exit
PK(config)#crypto ipsec ?
security-association Security association parameters
transform-set Define transform and settings
PK(config)#crypto ipsec transform-set ?
WORD Transform set tag
PK(config)#crypto ipsec transform-set ts1 ?
ah-md5-hmac AH-HMAC-MD5 transform
ah-sha-hmac AH-HMAC-SHA transform
comp-lzs IP Compression using the LZS compression algorithm
esp-des ESP transform using DES cipher (56 bits)
esp-md5-hmac ESP transform using HMAC-MD5 auth
esp-null ESP transform w/o cipher
esp-sha-hmac ESP transform using HMAC-SHA auth
<cr>
PK(config)#crypto ipsec transform-set ts1 esp-des esp-md5-hmac
PK(cfg-crypto-trans)#exit
PK(config)#crypto isakmp key ?
WORD pre-shared key
PK(config)#crypto isakmp key cisco ?
address define shared key with IP address
hostname define shared key with hostname
PK(config)#crypto isakmp key cisco address 166.157.12.30
PK(config)#access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
PK(config)#crypto map map1 ?
<1-65535> Sequence to insert into crypto map entry
client Specify client configuration settings
isakmp Specify isakmp configuration settings
local-address Interface to use for local address for this crypto map
PK(config)#crypto map map1 1 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
PK(config-crypto-map)#set ?
peer Allowed Encryption/Decryption peer.
pfs Specify pfs settings
security-association Security association parameters
transform-set Specify list of transform sets in priority order
PK(config-crypto-map)#set peer 166.157.12.30
PK(config-crypto-map)#match address 101
PK(config-crypto-map)#set transform-set ts1
PK(config-crypto-map)#exit
PK(config)#interface s0/0
PK(config-if)#crypto map ?
WORD Crypto Map tag
PK(config-if)#crypto map map1
PK(config-if)#exit
Login To Router US:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname US
US(config)#line console 0
US(config-line)#logging synchronous
US(config-line)#exit
US(config)#interface s0/0
US(config-if)#ip address 166.157.12.30 255.255.255.0
US(config-if)#no sh
US(config-if)#keepalive
US(config-if)#
01:20:38: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
US(config-if)#^Z
US#
01:21:00: %SYS-5-CONFIG_I: Configured from console by console
US#show controllers s0/0
Interface Serial0/0
Hardware is PowerQUICC MPC860
DCE V.35, no clock -----> so we need to set a clock rate on S0/0
idb at 0x81F722C4, driver data structure at 0x81F7A6C0
SCC Registers:
General [GSMR]=0x2:0x00000030, Protocol-specific [PSMR]=0x8
Events [SCCE]=0x0000, Mask [SCCM]=0x001F, Status [SCCS]=0x00
Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
Interrupt Registers:
US#
US(config)#no ip domain-lookup
US(config)#interface f0/0
US(config-if)#ip address 192.168.1.1 255.255.255.0
US(config-if)#no shut
US(config-if)#
01:24:40: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
US(config-if)#
01:24:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
US(config-if)#exit
US(config)#ip route 192.168.0.0 255.255.255.0 202.12.11.157
US(config)#exit
US#
01:25:51: %SYS-5-CONFIG_I: Configured from console by console
US#conf t
Enter configuration commands, one per line. End with CNTL/Z.
US(config)#crypto isakmp policy 10
US(config-isakmp)#?
ISAKMP commands:
authentication Set authentication method for protection suite
default Set a command to its defaults
encryption Set encryption algorithm for protection suite
exit Exit from ISAKMP protection suite configuration mode
group Set the Diffie-Hellman group
hash Set hash algorithm for protection suite
lifetime Set lifetime for ISAKMP security association
no Negate a command or set its defaults
US(config-isakmp)#authentication ?
pre-share Pre-Shared Key
rsa-encr Rivest-Shamir-Adleman Encryption
rsa-sig Rivest-Shamir-Adleman Signature
US(config-isakmp)#authentication pre-share
US(config-isakmp)#encryption des
US(config-isakmp)#group 2
US(config-isakmp)#hash ?
md5 Message Digest 5
sha Secure Hash Standard
US(config-isakmp)#hash md5
US(config-isakmp)#exit
US(config)#crypto ipsec ?
security-association Security association parameters
transform-set Define transform and settings
US(config)#crypto ipsec transform-set ?
WORD Transform set tag
US(config)#crypto ipsec transform-set ts1 ?
ah-md5-hmac AH-HMAC-MD5 transform
ah-sha-hmac AH-HMAC-SHA transform
comp-lzs IP Compression using the LZS compression algorithm
esp-des ESP transform using DES cipher (56 bits)
esp-md5-hmac ESP transform using HMAC-MD5 auth
esp-null ESP transform w/o cipher
esp-sha-hmac ESP transform using HMAC-SHA auth
<cr>
US(config)#crypto ipsec transform-set ts1 esp-des esp-md5-hmac
US(cfg-crypto-trans)#exit
US(config)#crypto isakmp key ?
WORD pre-shared key
US(config)#crypto isakmp key cisco ?
address define shared key with IP address
hostname define shared key with hostname
US(config)#crypto isakmp key cisco address 202.12.11.157
US(config)#access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
US(config)#crypto map map1 ?
<1-65535> Sequence to insert into crypto map entry
client Specify client configuration settings
isakmp Specify isakmp configuration settings
local-address Interface to use for local address for this crypto map
US(config)#crypto map map1 1 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
and a valid access list have been configured.
US(config-crypto-map)#set ?
peer Allowed Encryption/Decryption peer.
pfs Specify pfs settings
security-association Security association parameters
transform-set Specify list of transform sets in priority order
US(config-crypto-map)#set peer 202.12.11.157
US(config-crypto-map)#match address 101
US(config-crypto-map)#set transform-set ts1
US(config-crypto-map)#exit
US(config)#interface s0/0
US(config-if)#crypto map ?
WORD Crypto Map tag
US(config-if)#crypto map map1
US(config-if)#exit
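
An added example (not from the original page): a small Python check that parses the tunnel-relevant lines of both routers' configs and reports the DES, MD5 and group 2 choices used above, plus two mismatches that keep the tunnel from coming up: unequal pre-shared keys and crypto ACLs that are not mirror images of each other. The names TEMPLATE, parse and audit are assumptions of this example, and the configs are constructed from the commands in the sessions.

```python
# Constructed sample: the tunnel-relevant commands from the sessions, as a template.
TEMPLATE = """crypto isakmp policy 10
 encryption des
 hash md5
 group 2
crypto isakmp key {key} address {peer}
crypto ipsec transform-set ts1 esp-des esp-md5-hmac
access-list 101 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
crypto map map1 1 ipsec-isakmp
 set peer {peer}
 match address 101"""
PK = TEMPLATE.format(key="cisco", peer="166.157.12.30", src="192.168.0.0", dst="192.168.1.0")
US = TEMPLATE.format(key="cisco", peer="202.12.11.157", src="192.168.1.0", dst="192.168.0.0")
# Constructed mistake: destination left as the local LAN instead of the remote one.
US_UNMIRRORED = TEMPLATE.format(key="cisco", peer="202.12.11.157", src="192.168.1.0", dst="192.168.1.0")
WEAK = {"encryption des": "DES", "esp-des": "DES", "hash md5": "MD5",
        "esp-md5-hmac": "HMAC-MD5", "group 2": "DH group 2 (1024-bit)"}

def parse(cfg):
    """Extract the settings that must agree between the two tunnel endpoints."""
    s = {"algos": set(), "acl": {}, "psk": None, "match": None}
    for w in (l.split() for l in cfg.splitlines() if l.strip()):
        if w[0] in ("encryption", "hash", "group"):
            s["algos"].add(" ".join(w[:2]))            # ISAKMP policy settings
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            s["algos"].update(w[4:])                   # transforms after the tag
        elif w[:3] == ["crypto", "isakmp", "key"]:
            s["psk"] = w[3]
        elif w[0] == "access-list":
            s["acl"][w[1]] = (tuple(w[4:6]), tuple(w[6:8]))  # (source, destination)
        elif w[:2] == ["match", "address"]:
            s["match"] = w[2]                          # ACL used by the crypto map
    return s

def audit(cfg_a, cfg_b, names=("PK", "US")):
    """Return findings for weak algorithms and for settings that do not line up."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    for n, s in zip(names, (a, b)):
        weak = sorted({WEAK[x] for x in s["algos"] if x in WEAK})
        if weak:
            out.append(f"{n}: weak algorithms: {', '.join(weak)}")
    if a["psk"] != b["psk"]:
        out.append("pre-shared keys differ (they are case-sensitive)")
    src, dst = a["acl"].get(a["match"], (None, None))
    if b["acl"].get(b["match"]) != (dst, src):
        out.append(f"{names[1]}: crypto ACL does not mirror {names[0]}'s")
    return out
```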