Posted on 2013-11-16
Last Modified: 2014-01-01

Im trying to establish a Site to Site IPSEC VPN using a Cisco 891 3G Router and another Unknown Cisco Router from Head Office.

My Job is to configure the Cisco 891 3G Router to establish a Site to Site VPN Connection to the Head office Router and the Head office Network Engineers have provided the configurations that has to be done by me on this 891 3G Brach office router to establish a VPN Tunnel to HO. I have attached the configuration information provided by HO Enigneers for your reference.

I my self assume the below configuration to create the VPN Tunnel to the HO Router based on the details provided by HO Engineers.

crypto isakmp policy 1
authentication pre-share
hash sha1
encryption aes 256
group 5
lifetime 86400
crypto isakmp key !A8Ia<560d{hsEISR`;%!<7Wg8#{9/B08&&W9B| address X.X.X.X
crypto ipsec transform-set myset esp-aes esp-sha

access-list 101 permit ip
crypto HO 10 ipsec-isakmp
set peer X.X.X.X
match address 101
set transform-set myset
int dialer 0
crypto map HO

Could you please check and see whether the configuration provided above has all commands to establish the IPSEC VPN Tunnel to HO with the information provided by HO Engineers.

Also please provide step by step instructions to configure Site to Site VPN on cisco 891 3G Router.
Question by:nirmal_s19

Author Comment

ID: 39655649
any help on the above please, its been 2 days since i requested for help

Accepted Solution

logic2 earned 500 total points
ID: 39656154

Here is how I think the configuration should be.
Please note that you have to know the preshared key in clear text in order to configure it below.

crypto isakmp policy 1
 authentication pre-share
 encr aes 256
 group 5
 hash sha
 lifetime 86400

crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
crypto isakmp key 0 <Key> address x.x.x.x
access-list 100 permit ip
crypto map HO 10 ipsec-isakmp
 set peer x.x.x.x
 set security-association lifetime seconds 86400
 set transform-set myset
 set pfs group5
 match address 100

interface dialer 0
 crypto map HO
LVL 32

Expert Comment

ID: 39674703
If you have NAT configured yo will still have problems, you also need to add a nonat rule for the VPN traffic flow.

harbor235 ;}

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Building small business network 4 72
VPN tunnel up, but no pings or remote resource access 13 121
Cisco ASDM device NT domain question 4 45
eigrp in site-to-site vpn 4 38
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question