Sat 13 Oct 2007
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization’s network. The following tutorial will show you how to connect two locations together with an IPSec VPN using pre-shared key authentication.
Broadband prices get lower and lower while speeds keep getting faster and faster. Although VPNs have mostly been used for non-critical, low-traffic connections, many companies are looking to the Internet for primary connectivity.
There are 5 basic steps to configure a VPN using Cisco routers.
1) Configure the ISAKMP policy
2) Configure the ISAKMP pre-shared key
3) Configure the IPSec transform-set
4) Configure an access-list to identify traffic to be encrypted
5) Configure a crypto map to tie steps 2 - 4 together.
6) Apply the crypto map to the external interface.
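
The steps above written out as one router's configuration. This is an added example, not the tutorial's own config file: the documentation-range addresses, LAN subnets, policy values, names and the key placeholder are all assumptions.

```cisco
! Added example for router R1. Constructed values: addresses, subnets,
! policy parameters, names and the key placeholder are assumptions.
!
! 1) ISAKMP (IKE phase 1) policy; R2 must have a matching policy
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 14
!  (group 14 needs an IOS release that supports it; older images offer 1, 2 and 5)
!
! 2) Pre-shared key, bound to the peer's public address; same key on R2
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
! 3) IPSec (phase 2) transform-set: ESP with AES encryption and SHA HMAC
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
!
! 4) Traffic to encrypt: R1 LAN to R2 LAN. R2 needs the mirror image
!    (source and destination swapped), otherwise phase 2 will not come up
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! 5) Crypto map ties the peer, transform-set and ACL together
crypto map vpn 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set esp-aes-sha
 match address 101
!
! 6) Apply the crypto map to the external interface
interface Serial0/0
 ip address 203.0.113.2 255.255.255.252
 crypto map vpn
!
! Verify after sending traffic between the two LANs:
!  show crypto isakmp sa
!  show crypto ipsec sa
```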

Configure router R1
Configure router R2
Download the ipsec.net config file and ISP router configuration here.

October 15th, 2007 at 12:02 am
good job!
October 15th, 2007 at 4:59 am
Great !!!
Would you provide an example for Remote Access VPN?
October 16th, 2007 at 8:03 am
Remote Access VPN is on the list of future tutorials.
October 17th, 2007 at 1:18 am
Hi
Please provide an example for configuring IPsec between a Cisco router and Microsoft Windows or Linux.
thanks
October 30th, 2007 at 2:33 pm
Hey, cool VPN video…can I download a copy of it?
Thx!
Jason
November 12th, 2007 at 1:16 pm
WOW…Cool stuff, very useful … Keep up the good work sir..
I will keep in back to browse Blindhog..
Many Thanks.
November 23rd, 2007 at 7:00 pm
Nice… do you know anything about router RIP, and how to retrieve lost passwords on a Cisco router when it crashes?
November 23rd, 2007 at 11:52 pm
Sure. Do you need help with it or would you like a tutorial?
November 29th, 2007 at 4:15 pm
How do you configure the Internet cloud? You have only talked of the 2 routers.
Please help
November 29th, 2007 at 9:09 pm
Sure. You can download a zip file with the ipsec.net and ISP router config HERE
December 5th, 2007 at 8:49 am
Which IOS is this? From my 3640 I can’t use the crypto isakmp commands.
December 5th, 2007 at 1:56 pm
You will need an encryption image.
December 11th, 2007 at 12:50 am
I did this by using a 3725 router with an IPSec-enabled image. For the ISP I used a 3640 router.
Thx a lot.
December 21st, 2007 at 6:47 pm
I WOULD LIKE INFO ON ROUTER RIP CAN YOU SEND ME SOMETHING ON LOST PASS WORDS AT KOOL2BME1@YAHOO.COM…WOULD GREATLY APPRECIATE IT
December 23rd, 2007 at 9:22 am
RIP
http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=xv7&q=how+to+configure+rip&btnG=Search
Lost Password
http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=HGn&q=cisco+lost+password&btnG=Search
January 24th, 2008 at 4:57 pm
That was awesome and exactly what I was looking for!! Thank you!
February 2nd, 2008 at 9:47 am
I can’t thank you enough for this tutorial. I have searched high and low for a step by step to do just this.
You are the man!!!!!!
Thanks again for such a good tutorial
February 4th, 2008 at 1:58 pm
Great video,
Do you have any configuration tutorials doing the same thing using IPsec,
between Cisco 3000 VPN Concentrator / Cisco 851?
Been looking all over and can't find much on these two. With the info provided though, will try and set something up.
March 12th, 2008 at 11:12 am
Forgive my ignorance - but which IOS images contain encryption? I’ve got a whole library of IOS images! (I know this could open a can of worms explaining the whole naming convention thing! But just the basic of what to look for will do! Thanks in advance!)
March 12th, 2008 at 4:21 pm
If you have a cisco.com account, you can go to
http://www.cisco.com/go/fn
Use the feature navigator to find out what capabilities a particular image has.
March 13th, 2008 at 4:49 am
Dude! That’s exactly what I’m looking for. Cheers mate!
April 26th, 2008 at 1:49 pm
Would you provide an example for pix-to-pix VPN?
April 29th, 2008 at 11:29 am
Is the VPN relationship 1:1 or 1:many? I.e. if I have two remote offices, can I get away with just one 851 at the home office, or does the home office need a separate router for each remote office?
April 29th, 2008 at 8:31 pm
Mule,
The VPN is a 1:many or many to many. You can have one router at the home office. The key is that you have to use the same crypto map name.
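! one pre-shared key entry per remote peer
crypto isakmp key R4zorb4ck address 23.45.67.2
crypto isakmp key R4zorb4ck address 34.56.78.2
crypto ipsec transform-set esp-aes-sha esp-aes esp-sha-hmac
! one ACL per remote office; each must name that office's own LAN
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
! second remote LAN assumed to be 192.168.3.0/24
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
! same crypto map name, one sequence number per peer
crypto map vpn 10 ipsec-isakmp
 match address 101
 set peer 23.45.67.2
 set transform-set esp-aes-sha
crypto map vpn 20 ipsec-isakmp
 match address 102
 set peer 34.56.78.2
 set transform-set esp-aes-sha
! a single crypto map on the external interface serves both peers
int s0/0
 crypto map vpn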
Josh
May 2nd, 2008 at 9:00 am
Josh,
Thanks for the answer and the additional detail. The example you gave shows two remotes with static IPs. Is a similar configuration possible with dynamic IPs? The scenario is a home office with three telecommuters. We want to extend both our network and phone system to them over VPN, but I doubt they have static IPs at home. It would be worth the extra $ to get them a static, but for at least one user that might not be an option.
May 13th, 2008 at 12:35 pm
Thanks for making the configurations so clear and easy to follow. Your configs were a main resource for me setting up an IPSec VPN for my employer. Thanks again!!!
May 21st, 2008 at 1:18 pm
That is just great……and it's really helpful. Good Job!!!!
June 9th, 2008 at 2:53 am
v v v good job done
June 10th, 2008 at 2:26 am
Very Good job ……………. Thanks
pls. send some OSPF tutorial/Configuration links
-Riton
June 23rd, 2008 at 5:01 am
Hello.
I have a problem using the crypto command.
Can you provide an IOS or only its name you used for this tutorial?
I can’t find any encryption image.
Thanks.