Configuring Site to Site IPSec VPN Tunnel Between Cisco Routers.
What are Site-to-Site IPsec tunnels?
We create site-to-site IPsec tunnels to transfer data between two sites, for example to connect branch offices. There are two ways to connect branches. The first is to buy a data-only plan from an ISP: no tunnels are needed, because all your branches connect over the ISP's network and that network becomes your WAN. In general this is the expensive approach. The second is to build tunnels over the Internet, in which case the only recurring cost is the monthly Internet bill. Tunnels come at different levels of security. The simplest is a plain tunnel between branches; for more security we use IPsec tunnels, which is what we discuss here.
ISAKMP (Internet Security Association and Key Management Protocol)
ISAKMP and IPsec are essential to building and encrypting the VPN tunnel. ISAKMP, also called IKE (Internet Key Exchange), is the negotiation protocol that lets two hosts agree on how to build a security association. ISAKMP negotiation consists of two phases: Phase 1 and Phase 2.
The Phase 1 (ISAKMP policy) parameters used in this configuration are:
3DES - The encryption method to be used for Phase 1.
MD5 - The hashing algorithm.
Pre-share - Use a pre-shared key as the authentication method.
Group 2 - The Diffie-Hellman group to be used.
86400 - Session key lifetime, expressed in either kilobytes (after that amount of traffic, change the key) or seconds. The value set here is the default.
Next we define a pre-shared key for authentication with our peer (the R2 router) using the following command. The same key must be configured on R2, pointing at R1's address.
R1(config)# crypto isakmp key itmag address 10.10.10.2
Creating the Extended ACL
This ACL defines the "interesting traffic": only packets from 192.168.50.0/24 to 192.168.30.0/24 are sent through the tunnel, so R2 needs the mirror image of it.
R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255
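To put the pieces above together, here is an added example (not from the original article) of the complete configuration on R1 and its mirror on R2. It assumes R1's WAN address is 10.10.10.1 and R2's is 10.10.10.2, that the WAN interface is GigabitEthernet0/0 on both routers, that R2's LAN is 192.168.30.0/24, and that the policy number 10, transform-set name TS and crypto map name CMAP are chosen here.

```cisco
! ---- R1 (assumed: WAN 10.10.10.1 on Gi0/0, LAN 192.168.50.0/24) ----
! Phase 1: ISAKMP policy with the parameters listed in the article
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
! Pre-shared key for peer R2 (use a long random secret in production, not "itmag")
crypto isakmp key itmag address 10.10.10.2
! Interesting traffic: only R1 LAN -> R2 LAN is encrypted
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255
! Phase 2: IPsec transform set (ESP with 3DES encryption and MD5 HMAC)
crypto ipsec transform-set TS esp-3des esp-md5-hmac
 mode tunnel
! Crypto map ties the peer, the transform set and the interesting traffic together
crypto map CMAP 10 ipsec-isakmp
 set peer 10.10.10.2
 set transform-set TS
 match address VPN-TRAFFIC
! Apply the map on the WAN interface facing the peer
interface GigabitEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 crypto map CMAP
! ---- R2 (mirror image: peer address and ACL direction swapped) ----
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key itmag address 10.10.10.1
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.30.0 0.0.0.255 192.168.50.0 0.0.0.255
crypto ipsec transform-set TS esp-3des esp-md5-hmac
 mode tunnel
crypto map CMAP 10 ipsec-isakmp
 set peer 10.10.10.1
 set transform-set TS
 match address VPN-TRAFFIC
interface GigabitEthernet0/0
 ip address 10.10.10.2 255.255.255.0
 crypto map CMAP
! Verify after sending traffic between the two LANs:
!   show crypto isakmp sa   (the Phase 1 SA should be in state QM_IDLE)
!   show crypto ipsec sa    (pkts encaps/decaps counters should increase)
```

3DES, MD5 and DH group 2 match the article but are legacy choices; AES, SHA-2 and DH group 14 or higher are the usual replacements on current IOS.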