Configure Site-to-Site IPSec VPN

Network Topology:

IPSec Site-to-Site VPN

Running Configuration Script:
JAKARTA#show run
Building configuration…

Current configuration : 1578 bytes
!
!
hostname JAKARTA
!
enable secret 5 $1$1HnK$WK8y86i/tdidazXthnuVi1
!
crypto isakmp policy 1
encr aes
authentication pre-share
crypto isakmp key fery123 address 20.20.20.1

!
!
crypto ipsec transform-set FERY esp-aes esp-sha-hmac
!

crypto map MAP 1 ipsec-isakmp
set peer 20.20.20.1
set transform-set FERY
set pfs group2
match address 101

!
!
interface Tunnel0
description *** TUNNEL TO BANDUNG ***
ip address 192.168.100.1 255.255.255.0
tunnel source FastEthernet1/1
tunnel destination 20.20.20.1
crypto map MAP
!
interface FastEthernet1/0
description *** LAN ***
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet1/1
description *** TO ISP ***
ip address 10.10.10.1 255.255.255.0
crypto map MAP
!
ip route 20.20.20.0 255.255.255.0 10.10.10.2
ip route 192.168.20.0 255.255.255.0 192.168.100.2

!
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!

JAKARTA#
JAKARTA#show ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet1/0 192.168.10.1 YES NVRAM up up
FastEthernet1/1 10.10.10.1 YES NVRAM up up
Tunnel0 192.168.100.1 YES manual up up
JAKARTA#
*******************************************************************************
BANDUNG#show run
Building configuration…

Current configuration : 1639 bytes
!
hostname BANDUNG
!
enable secret 5 $1$.J4i$66Xm1vwYI85PL5YE/UdZw/
!
crypto isakmp policy 1
encr aes
authentication pre-share
crypto isakmp key fery123 address 10.10.10.1

!
!
crypto ipsec transform-set FERY esp-aes esp-sha-hmac
!
crypto map MAP 1 ipsec-isakmp
set peer 10.10.10.1
set transform-set FERY
set pfs group2
match address 101

!
interface Tunnel0
description *** TUNNEL TO JAKARTA ***
ip address 192.168.100.2 255.255.255.0
tunnel source FastEthernet1/1
tunnel destination 10.10.10.1
crypto map MAP

!
interface FastEthernet1/0
description *** CONNECTION TO LAN ***
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet1/1
description *** CONNECTION TO ISP ***
ip address 20.20.20.1 255.255.255.0
crypto map MAP

!
ip route 0.0.0.0 0.0.0.0 20.20.20.2
ip route 10.10.10.0 255.255.255.0 20.20.20.2
ip route 192.168.10.0 255.255.255.0 192.168.100.1

!
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
end

BANDUNG#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet1/0 192.168.20.1 YES NVRAM up up
FastEthernet1/1 20.20.20.1 YES NVRAM up up
Tunnel0 192.168.100.2 YES manual up up
BANDUNG#
BANDUNG#
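
A site-to-site tunnel like this one only comes up when both routers agree on the key, the peer addresses, the transform set, the PFS group and mirror-image crypto ACLs. The following check is an added example, not part of the original post; the function names are hypothetical and the input is an excerpt of the two configurations above. The pre-shared key is compared but never printed.

```python
import re

# Only the lines that must agree, excerpted from the two configurations above.
JAKARTA = """\
crypto isakmp key fery123 address 20.20.20.1
crypto ipsec transform-set FERY esp-aes esp-sha-hmac
 set peer 20.20.20.1
 set pfs group2
 ip address 10.10.10.1 255.255.255.0
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
"""
BANDUNG = """\
crypto isakmp key fery123 address 10.10.10.1
crypto ipsec transform-set FERY esp-aes esp-sha-hmac
 set peer 10.10.10.1
 set pfs group2
 ip address 20.20.20.1 255.255.255.0
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
"""

def facts(cfg):
    """Extract the settings that must agree between the two VPN peers."""
    get = lambda pat: re.search(pat, cfg, re.M)
    key = get(r"^crypto isakmp key (\S+) address (\S+)")
    acl = get(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)")
    return {
        "psk": key.group(1),
        "key_peer": key.group(2),
        "peer": get(r"^\s*set peer (\S+)").group(1),
        "pfs": get(r"^\s*set pfs (\S+)").group(1),
        "transforms": sorted(get(r"^crypto ipsec transform-set \S+ (.+)$").group(1).split()),
        "addrs": set(re.findall(r"^\s*ip address (\S+)", cfg, re.M)),
        "acl": (acl.group(1), acl.group(2)),
    }

def mismatches(a, b):
    """Return the settings that disagree between router config a and router config b."""
    fa, fb = facts(a), facts(b)
    problems = []
    for field in ("psk", "transforms", "pfs"):
        if fa[field] != fb[field]:
            problems.append(f"{field} differs between peers")
    for name, x, y in (("first", fa, fb), ("second", fb, fa)):
        # The peer must be an address the other router owns, and the key must be bound to it.
        if x["peer"] not in y["addrs"] or x["key_peer"] != x["peer"]:
            problems.append(f"{name} router: peer or key address does not match the other side")
    if fa["acl"] != fb["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```
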

*******************************************************************************
Verification Command
*******************************************************************************

JAKARTA#show crypto session
Crypto session current status

Interface: FastEthernet1/1
Session status: UP-ACTIVE
Peer: 20.20.20.1 port 500
IKE SA: local 10.10.10.1/500 remote 20.20.20.1/500 Active
IPSEC FLOW: permit ip 192.168.10.0/255.255.255.0 192.168.20.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip 192.168.10.0/255.255.255.0 192.168.20.0/255.255.255.0
Active SAs: 2, origin: crypto map

JAKARTA#
JAKARTA#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
20.20.20.1 10.10.10.1 QM_IDLE 1001 0 ACTIVE

IPv6 Crypto ISAKMP SA

JAKARTA#show crypto ipsec sa

interface: FastEthernet1/1
Crypto map tag: MAP, local addr 10.10.10.1

protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0)
current_peer 20.20.20.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 24, #pkts encrypt: 24, #pkts digest: 24
#pkts decaps: 24, #pkts decrypt: 24, #pkts verify: 24
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0

local crypto endpt.: 10.10.10.1, remote crypto endpt.: 20.20.20.1
path mtu 1500, ip mtu 1500
current outbound spi: 0x24C882F1(617120497)

….
….
JAKARTA#

*******************************************************************************

BANDUNG#show crypto session
Crypto session current status

Interface: FastEthernet1/1
Session status: UP-ACTIVE
Peer: 10.10.10.1 port 500
IKE SA: local 20.20.20.1/500 remote 10.10.10.1/500 Active
IPSEC FLOW: permit ip 192.168.20.0/255.255.255.0 192.168.10.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip 192.168.20.0/255.255.255.0 192.168.10.0/255.255.255.0
Active SAs: 2, origin: crypto map

BANDUNG#
BANDUNG#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
20.20.20.1 10.10.10.1 QM_IDLE 1001 0 ACTIVE

IPv6 Crypto ISAKMP SA

BANDUNG#
BANDUNG#
BANDUNG#
BANDUNG#show crypto ipsec sa

interface: FastEthernet1/1
Crypto map tag: MAP, local addr 20.20.20.1

protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
current_peer 10.10.10.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 24, #pkts encrypt: 24, #pkts digest: 24
#pkts decaps: 24, #pkts decrypt: 24, #pkts verify: 24
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 20.20.20.1, remote crypto endpt.: 10.10.10.1
path mtu 1500, ip mtu 1500
current outbound spi: 0x26162F42(638988098)

BANDUNG#
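
The counters in "show crypto ipsec sa" are what actually prove that traffic is protected in both directions. The following added example (not part of the original post; function names are hypothetical) parses those counters and reports one-way traffic and non-zero error counts. The first sample is copied from the JAKARTA output above, the second is constructed.

```python
import re

# Counter lines copied from the JAKARTA "show crypto ipsec sa" output above.
JAKARTA_SA = """\
#pkts encaps: 24, #pkts encrypt: 24, #pkts digest: 24
#pkts decaps: 24, #pkts decrypt: 24, #pkts verify: 24
#send errors 1, #recv errors 0
"""
# Constructed sample: packets leave encrypted but nothing comes back.
ONE_WAY_SA = """\
#pkts encaps: 24, #pkts encrypt: 24, #pkts digest: 24
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#send errors 0, #recv errors 0
"""

def counters(output):
    """Return {'pkts encaps': 24, 'send errors': 1, ...} from the '#name[:] N' fields."""
    pairs = re.findall(r"#([a-z. ]+?):? (\d+)", output)
    return {name: int(value) for name, value in pairs}

def findings(output):
    """List the conditions an operator should look into for one SA pair."""
    c = counters(output)
    enc, dec = c["pkts encaps"], c["pkts decaps"]
    notes = []
    if enc == 0 and dec == 0:
        notes.append("no traffic has matched the crypto ACL")
    elif dec == 0:
        notes.append("outbound only: peer is not returning protected traffic")
    elif enc == 0:
        notes.append("inbound only: local traffic is not being encrypted")
    for name in ("send errors", "recv errors"):
        if c[name]:
            notes.append(f"{name}: {c[name]}")
    return notes
```
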

~ by feryjunaedi on March 18, 2009.
