Solved

SITE TO SITE CISCO VPN

Posted on 2013-11-16
Last Modified: 2014-01-01
Hi,

I'm trying to establish a Site to Site IPSEC VPN using a Cisco 891 3G Router and another unknown Cisco Router from Head Office.

My job is to configure the Cisco 891 3G Router to establish a Site to Site VPN connection to the Head Office router, and the Head Office network engineers have provided the configuration that has to be done by me on this 891 3G Branch office router to establish a VPN tunnel to HO. I have attached the configuration information provided by the HO Engineers for your reference.

I myself assume the configuration below will create the VPN tunnel to the HO router, based on the details provided by the HO Engineers.

router(config)#
crypto isakmp policy 1
authentication pre-share
hash sha1
encryption aes 256
group 5
lifetime 86400
exit
crypto isakmp key !A8Ia<560d{hsEISR`;%!<7Wg8#{9/B08&&W9B| address X.X.X.X
end
router(config)#
crypto ipsec transform-set myset esp-aes esp-sha
exit

router(config)#
access-list 101 permit ip 192.168.101.0 0.0.0.255 172.27.47.32 0.0.0.31
crypto HO 10 ipsec-isakmp
set peer X.X.X.X
match address 101
set transform-set myset
end
router(config)#
int dialer 0
crypto map HO



Could you please check and see whether the configuration provided above has all the commands needed to establish the IPSEC VPN tunnel to HO with the information provided by the HO Engineers?

Also, please provide step-by-step instructions to configure Site to Site VPN on the Cisco 891 3G Router.
HO-Configuration-given-to-config.txt
Question by:nirmal_s19
3 Comments
 

Author Comment

by:nirmal_s19
ID: 39655649
Any help on the above, please? It's been 2 days since I requested help.

Accepted Solution

by:
logic2 earned 500 total points
ID: 39656154
Hello

Here is how I think the configuration should be.
Please note that you have to know the preshared key in clear text in order to configure it below.

crypto isakmp policy 1
 authentication pre-share
 encr aes 256
 group 5
 hash sha
 lifetime 86400

!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
!
crypto isakmp key 0 <Key> address x.x.x.x
!
! 0.0.0.31 is the wildcard mask for a /27 (netmask 255.255.255.224)
access-list 100 permit ip 192.168.101.0 0.0.0.255 172.27.47.32 0.0.0.31
!
!
crypto map HO 10 ipsec-isakmp
 set peer x.x.x.x
 set security-association lifetime seconds 86400
 set transform-set myset
 set pfs group5
 match address 100

interface dialer 0
 crypto map HO

Expert Comment

by:harbor235
ID: 39674703
If you have NAT configured you will still have problems; you also need to add a nonat rule for the VPN traffic flow.


harbor235 ;}
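
The NAT exemption mentioned in the comment above, as an added example that is not part of the original thread. It assumes Vlan1 is the LAN (inside) interface, Dialer0 is the WAN interface carrying crypto map HO, ACL number 110 and the route-map name NONAT are unused, and the remote network is the /27 from the question's ACL (wildcard 0.0.0.31).

```cisco
! Added example, not from the thread. Assumed names: Vlan1 (LAN),
! Dialer0 (WAN), ACL 110, route-map NONAT.
!
! On IOS, inside-to-outside traffic is NATed before it is checked
! against the crypto map. If tunnel traffic is translated to the
! Dialer0 address first, it no longer matches the crypto ACL and
! leaves the router unencrypted (or is dropped upstream).
!
! "deny" here means "do not translate": keep the 192.168.101.0/24
! source address for traffic headed to the HO network.
access-list 110 deny   ip 192.168.101.0 0.0.0.255 172.27.47.32 0.0.0.31
! All other LAN traffic is still translated (PAT) for Internet access.
access-list 110 permit ip 192.168.101.0 0.0.0.255 any
!
route-map NONAT permit 10
 match ip address 110
!
ip nat inside source route-map NONAT interface Dialer0 overload
!
interface Vlan1
 ip nat inside
!
interface Dialer0
 ip nat outside
 crypto map HO
!
! Checks from exec mode after sending traffic from the LAN to the HO network:
!   show crypto isakmp sa      phase 1 state should be QM_IDLE
!   show crypto ipsec sa       pkts encaps/decaps counters should increase
!   show ip nat translations   no entries with 172.27.47.x destinations
!   show access-lists 110      match counters rising on the deny line
```

If an `ip nat inside source list ... overload` statement already exists, add the deny line to the top of that ACL rather than configuring a second overload rule.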