CHAPTER
36-1
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
36
Configuring LAN-to-LAN IPSec VPNs
LAN-to-LAN VPN configurations are between two IPSec security gateways, such as security appliances
or other protocol-compliant VPN devices. A LAN-to-LAN VPN connects networks in different
geographic locations.
This chapter describes how to build a LAN-to-LAN VPN connection. It includes the following sections:
• Summary of the Configuration, page 36-1
• Configuring Interfaces, page 36-2
• Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface, page 36-2
• Creating a Transform Set, page 36-4
• Configuring an ACL, page 36-4
• Defining a Tunnel Group, page 36-5
• Creating a Crypto Map and Applying It To an Interface, page 36-6
Summary of the Configuration
This section provides a summary of the example LAN-to-LAN configuration this chapter creates. Later
sections provide step-by-step instructions.
hostname(config)# interface ethernet0
hostname(config-if)# ip address 10.10.4.100 255.255.0.0
hostname(config-if)# no shutdown
hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp policy 1 group 2
hostname(config)# isakmp policy 1 lifetime 43200
hostname(config)# isakmp enable outside
hostname(config)# crypto ipsec transform set FirstSet esp-3des esp-md5-hmac
hostname(config)# access-list l2l_list extended permit ip 192.168.0.0 255.255.0.0
150.150.0.0 255.255.0.0
hostname(config)# tunnel-group 10.10.4.108 type ipsec-l2l
hostname(config)# tunnel-group 10.10.4.108 ipsec-attributes
hostname(config-ipsec)# pre-shared-key 44kkaol59636jnfx
hostname(config)# crypto map abcmap 1 match address l2l_list
hostname(config)# crypto map abcmap 1 set peer 10.10.4.108
hostname(config)# crypto map abcmap 1 set transform-set FirstSet
hostname(config)# crypto map abcmap interface outside
hostname(config)# write memory
To Next Page
Loading...
