Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win



Posted on 2013-11-16
Medium Priority
Last Modified: 2014-01-01

Im trying to establish a Site to Site IPSEC VPN using a Cisco 891 3G Router and another Unknown Cisco Router from Head Office.

My Job is to configure the Cisco 891 3G Router to establish a Site to Site VPN Connection to the Head office Router and the Head office Network Engineers have provided the configurations that has to be done by me on this 891 3G Brach office router to establish a VPN Tunnel to HO. I have attached the configuration information provided by HO Enigneers for your reference.

I my self assume the below configuration to create the VPN Tunnel to the HO Router based on the details provided by HO Engineers.

crypto isakmp policy 1
authentication pre-share
hash sha1
encryption aes 256
group 5
lifetime 86400
crypto isakmp key !A8Ia<560d{hsEISR`;%!<7Wg8#{9/B08&&W9B| address X.X.X.X
crypto ipsec transform-set myset esp-aes esp-sha

access-list 101 permit ip
crypto HO 10 ipsec-isakmp
set peer X.X.X.X
match address 101
set transform-set myset
int dialer 0
crypto map HO

Could you please check and see whether the configuration provided above has all commands to establish the IPSEC VPN Tunnel to HO with the information provided by HO Engineers.

Also please provide step by step instructions to configure Site to Site VPN on cisco 891 3G Router.
Question by:nirmal_s19
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Author Comment

ID: 39655649
any help on the above please, its been 2 days since i requested for help

Accepted Solution

logic2 earned 2000 total points
ID: 39656154

Here is how I think the configuration should be.
Please note that you have to know the preshared key in clear text in order to configure it below.

crypto isakmp policy 1
 authentication pre-share
 encr aes 256
 group 5
 hash sha
 lifetime 86400

crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
crypto isakmp key 0 <Key> address x.x.x.x
access-list 100 permit ip
crypto map HO 10 ipsec-isakmp
 set peer x.x.x.x
 set security-association lifetime seconds 86400
 set transform-set myset
 set pfs group5
 match address 100

interface dialer 0
 crypto map HO
LVL 32

Expert Comment

ID: 39674703
If you have NAT configured yo will still have problems, you also need to add a nonat rule for the VPN traffic flow.

harbor235 ;}

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question