Solved

SITE TO SITE CISCO VPN

Posted on 2013-11-16
Last Modified: 2014-01-01
Hi,

I'm trying to establish a Site to Site IPSEC VPN using a Cisco 891 3G Router and another Unknown Cisco Router from Head Office.

My Job is to configure the Cisco 891 3G Router to establish a Site to Site VPN Connection to the Head office Router, and the Head office Network Engineers have provided the configurations that have to be done by me on this 891 3G Branch office router to establish a VPN Tunnel to HO. I have attached the configuration information provided by HO Engineers for your reference.

I myself assume the below configuration to create the VPN Tunnel to the HO Router based on the details provided by HO Engineers.

router(config)#
crypto isakmp policy 1
authentication pre-share
hash sha1
encryption aes 256
group 5
lifetime 86400
exit
crypto isakmp key !A8Ia<560d{hsEISR`;%!<7Wg8#{9/B08&&W9B| address X.X.X.X
end
router(config)#
crypto ipsec transform-set myset esp-aes esp-sha
exit

router(config)#
access-list 101 permit ip 192.168.101.0 0.0.0.255 172.27.47.32 0.0.0.31
crypto HO 10 ipsec-isakmp
set peer X.X.X.X
match address 101
set transform-set myset
end
router(config)#
int dialer 0
crypto map HO



Could you please check and see whether the configuration provided above has all commands to establish the IPSEC VPN Tunnel to HO with the information provided by HO Engineers.

Also please provide step by step instructions to configure Site to Site VPN on cisco 891 3G Router.
HO-Configuration-given-to-config.txt
Question by:nirmal_s19
3 Comments
 

Author Comment

by:nirmal_s19
Any help on the above, please? It's been 2 days since I requested help.
 
LVL 7

Accepted Solution

by: logic2 (earned 500 total points)
Hello

Here is how I think the configuration should be.
Please note that you have to know the preshared key in clear text in order to configure it below.

crypto isakmp policy 1
 authentication pre-share
 encr aes 256
 group 5
 hash sha
 lifetime 86400

!
crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac
!
crypto isakmp key 0 <Key> address x.x.x.x
!
! 172.27.47.32/27 written as a wildcard mask is 0.0.0.31
access-list 100 permit ip 192.168.101.0 0.0.0.255 172.27.47.32 0.0.0.31
!
!
crypto map HO 10 ipsec-isakmp
 set peer x.x.x.x
 set security-association lifetime seconds 86400
 set transform-set myset
 set pfs group5
 match address 100

interface dialer 0
 crypto map HO
 
LVL 32

Expert Comment

by:harbor235
If you have NAT configured you will still have problems; you also need to add a nonat rule for the VPN traffic flow.


harbor235 ;}
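
The NAT exemption mentioned in the comment above, as an added example that is not part of the original thread. It assumes the branch router does NAT overload (PAT) on Dialer0 for the 192.168.101.0/24 LAN; the ACL name NAT-EXEMPT is hypothetical, and the thread does not show the router's actual NAT configuration.

```cisco
! Added example, not from the thread. Assumes PAT on Dialer0 and a crypto ACL
! protecting 192.168.101.0/24 -> 172.27.47.32/27. NAT-EXEMPT is a
! hypothetical ACL name.
!
! Why it is needed: on egress, NAT is applied before the crypto map is
! evaluated. Without the deny line, LAN packets are translated to the
! Dialer0 address, no longer match the crypto ACL, and are sent out
! unencrypted instead of entering the tunnel.
!
ip access-list extended NAT-EXEMPT
 ! deny = "do not translate" traffic headed for the head-office subnet
 deny   ip 192.168.101.0 0.0.0.255 172.27.47.32 0.0.0.31
 ! everything else from the LAN is still translated for Internet access
 permit ip 192.168.101.0 0.0.0.255 any
!
ip nat inside source list NAT-EXEMPT interface Dialer0 overload
!
! Verification from exec mode after sending traffic to the HO subnet:
!  show ip nat translations   - no entries with 172.27.47.32/27 destinations
!  show crypto isakmp sa      - phase 1 SA in state QM_IDLE
!  show crypto ipsec sa       - pkts encaps / pkts decaps counters increasing
```

If the router already has an `ip nat inside source list` statement that references a different ACL, add the deny line at the top of that ACL rather than creating a second NAT rule.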