Cisco site-to-site IPSec VPN

R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash sha
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400

R1(config)# crypto isakmp key firewallcx address

R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip

R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac

R1(config)# crypto map CMAP 10 ipsec-isakmp

R1(config-crypto-map)# set peer
R1(config-crypto-map)# set transform-set TS
R1(config-crypto-map)# match address VPN-TRAFFIC
R1(config)# interface FastEthernet0/1
R1(config-if)# crypto map CMAP

R1(config)# ip nat inside source list 100 interface fastethernet0/1 overload

R1(config)# access-list 100 remark -=[Define NAT Service]=-
R1(config)# access-list 100 deny ip
R1(config)# access-list 100 permit ip any
R1(config)# access-list 100 remark

The ISAKMP policy commands at the top define the following (in listed order):

3DES - The encryption method to be used for Phase 1.
SHA - The hashing algorithm (hash sha in the policy above).
Pre-share - Use a pre-shared key as the authentication method.
Group 2 - The Diffie-Hellman group to be used.
86400 - Session key lifetime. Expressed in either kilobytes (after x-amount of traffic, change the key) or seconds. The value set is the default value.
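
As an added example (not part of the original page and not Cisco tooling), this Python sketch parses a pasted IOS session like the one above and reports the Phase 1 and transform-set values that common hardening guidance treats as legacy. The weak-value sets and the `audit` helper name are assumptions made for illustration.

```python
import re

# Constructed sample: the Phase 1 policy and transform set from this page,
# pasted with router prompts as they appear in a terminal session.
SAMPLE = """\
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash sha
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
"""

# Assumption: these sets follow common hardening guidance (avoid DES/3DES,
# MD5 and DH groups 1, 2 and 5); tighten or relax them to match local policy.
WEAK_ENCR = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_GROUPS = {"1", "2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "R1(config-isakmp)# "

def audit(config_text):
    """Return (context, setting) pairs for legacy crypto values (hypothetical helper)."""
    findings, policy = [], None
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[0] == "crypto":
            policy = None  # any new top-level crypto command ends a policy block
            if words[1:3] == ["isakmp", "policy"] and len(words) > 3:
                policy = "isakmp policy " + words[3]
            elif words[1:3] == ["ipsec", "transform-set"] and len(words) > 3:
                findings += [("transform-set " + words[3], t)
                             for t in words[4:] if t in WEAK_TRANSFORMS]
        elif policy and len(words) > 1:
            key, val = words[0], words[1]
            if key.startswith("encr") and val in WEAK_ENCR:
                findings.append((policy, "encryption " + val))
            elif key == "hash" and val in WEAK_HASH:
                findings.append((policy, "hash " + val))
            elif key == "group" and val in WEAK_GROUPS:
                findings.append((policy, "DH group " + val))
    return findings

if __name__ == "__main__":
    for context, setting in audit(SAMPLE):
        print(f"{context}: {setting}")
```

The parser accepts both prompt-prefixed session text and indented running-config output, so the same check can be run against a saved configuration before a tunnel is brought into service.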
