Cisco site to site VPN Configuration Cheatsheet
Cisco
VPN
Below is the Cisco site-to-site VPN configuration in a nutshell. These basic commands help in configuring a site-to-site VPN setup and can also assist in troubleshooting VPN issues.
VPN Configuration Steps:
sysopt connection permit-ipsec
Phase 1
isakmp enable outside
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 authentication pre-share (or rsa-sig)
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp key abc123 address 192.168.1.2 netmask 255.255.255.255
isakmp identity address
show isakmp policy
show isakmp
Phase 2
access-list 101 permit ip 10.0.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list 101
crypto ipsec transform-set customer1 esp-des esp-sha-hmac
crypto map PIX1MAP 10 ipsec-isakmp
crypto map PIX1MAP 10 match address 101
crypto map PIX1MAP 10 set peer 192.168.2.1
crypto map PIX1MAP 10 set transform-set customer1
crypto map PIX1MAP 10 set security-association lifetime seconds 28800
crypto map PIX1MAP 10 set pfs group1
crypto map PIX1MAP interface outside
crypto dynamic-map dynamic-map-name dynamic-seq-num
show crypto map
show isakmp
show isakmp policy
show access-list
show crypto ipsec transform-set
show crypto map
clear crypto ipsec sa
clear crypto isakmp sa
debug crypto ipsec
debug crypto isakmp