IPSEC VPN with multiple endpoints


Hello! IPsec VPN with multiple endpoints... I confess it did take me a while to lab it up and make those 3 sites able to reach each other!

 


====
R1
====
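! Phase 1 (ISAKMP) policy: pre-shared key, MD5 hash, DH group 2.
! These are lab values; MD5, 1024-bit group 2 and a guessable key are too weak for production.
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 195.234.226.26
!
! Phase 2 transform set: ESP with AES encryption and SHA-1 HMAC
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
! Crypto map entry for the tunnel to R3; ACL 100 selects the traffic to encrypt
crypto map MYMAP 1 ipsec-isakmp
 set peer 195.234.226.26
 set transform-set MYSET
 match address 100
!
interface GigabitEthernet0/0
 ip address 82.20.76.209 255.255.255.0
 duplex auto
 speed auto
 crypto map MYMAP
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
! Crypto ACL: mirror image of ACL 100 on R3
access-list 100 permit ip host 10.5.12.6 host 10.36.52.26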

 

====
R2
====
! Phase 1 (ISAKMP) policy, same parameters as on R1 and R3
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 195.234.226.26
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
! Crypto map entry for the tunnel to R3; ACL 100 selects the traffic to encrypt
crypto map MYMAP 2 ipsec-isakmp
 set peer 195.234.226.26
 set transform-set MYSET
 match address 100
!
interface Ethernet0/0
 ip address 172.210.59.98 255.255.255.240
 duplex auto
 speed auto
 crypto map MYMAP
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
!
! Crypto ACL: mirror image of ACL 110 on R3 (wildcard 0.0.0.0 is the same as "host")
access-list 100 permit ip 10.7.16.51 0.0.0.0  10.36.52.26 0.0.0.0

 

====
R3
====
! Phase 1 (ISAKMP) policy, with one pre-shared key entry per remote peer
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 82.20.76.209
crypto isakmp key cisco address 172.210.59.98
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
! One crypto map, one sequence number per peer, each with its own crypto ACL
crypto map MYMAP 1 ipsec-isakmp
 description TUNNEL TO EFD
 set peer 82.20.76.209
 set transform-set MYSET
 match address 100
crypto map MYMAP 2 ipsec-isakmp
 description TUNNEL TO US
 set peer 172.210.59.98
 set transform-set MYSET
 match address 110
!
interface GigabitEthernet0/1
 ip address 195.234.226.26 255.255.255.128
 duplex auto
 speed auto
 crypto map MYMAP
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
! Crypto ACLs: 100 mirrors R1's ACL 100, 110 mirrors R2's ACL 100
access-list 100 permit ip host 10.36.52.26 host 10.5.12.6
access-list 110 permit ip host 10.36.52.26 host 10.7.16.51

 

 

Enjoy !

Tom
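
Added example (not part of the original post or the author's lab): IPsec peers are expected to carry mirror-image crypto ACLs, and with several peers on one crypto map each sequence number needs the ACL that mirrors its own far end. This Python check parses the crypto map and access-list lines of the three configs above and reports any tunnel where that does not hold; the function names and the keying of configs by public address are assumptions made for the example.

```python
import re

# Crypto map and ACL lines copied from the page's R1/R2/R3 configs, keyed by
# each router's public address (taken from its interface configuration).
CONFIGS = {
    "82.20.76.209": """crypto map MYMAP 1 ipsec-isakmp
set peer 195.234.226.26
match address 100
access-list 100 permit ip host 10.5.12.6 host 10.36.52.26""",
    "172.210.59.98": """crypto map MYMAP 2 ipsec-isakmp
set peer 195.234.226.26
match address 100
access-list 100 permit ip 10.7.16.51 0.0.0.0  10.36.52.26 0.0.0.0""",
    "195.234.226.26": """crypto map MYMAP 1 ipsec-isakmp
set peer 82.20.76.209
match address 100
crypto map MYMAP 2 ipsec-isakmp
set peer 172.210.59.98
match address 110
access-list 100 permit ip host 10.36.52.26 host 10.5.12.6
access-list 110 permit ip host 10.36.52.26 host 10.7.16.51""",
}

ADDR = r"(?:host (\S+)|(\S+) +(\S+))"  # "host A" or "A wildcard"
ACL = re.compile(rf"access-list (\d+) permit ip {ADDR} +{ADDR}")

def parse(cfg):
    """Return {peer_ip: [(src, dst), ...]} for every crypto map entry."""
    acls, tunnels, peer = {}, {}, None
    for line in cfg.splitlines():
        words = line.split()
        if words[:2] == ["set", "peer"]:
            peer = words[2]
        elif words[:2] == ["match", "address"]:
            tunnels[peer] = words[2]
        elif (m := ACL.match(line.strip())):
            n, h1, a1, w1, h2, a2, w2 = m.groups()
            # "host A" equals "A 0.0.0.0"; store both forms as (A, wildcard)
            src, dst = (h1 or a1, w1 or "0.0.0.0"), (h2 or a2, w2 or "0.0.0.0")
            acls.setdefault(n, []).append((src, dst))
    return {p: acls.get(n, []) for p, n in tunnels.items()}

def mismatches(configs):
    """Return (local, peer) tunnels whose crypto ACL is not the peer's mirror."""
    parsed = {ip: parse(cfg) for ip, cfg in configs.items()}
    return [(local, peer)
            for local, tunnels in parsed.items()
            for peer, entries in tunnels.items()
            if sorted(entries) != sorted(
                (d, s) for s, d in parsed.get(peer, {}).get(local, []))]
```

`mismatches(CONFIGS)` returns an empty list for the configs as posted; pointing both R3 crypto map entries at ACL 100 makes it report the R2 and R3 tunnel in both directions.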

 

 

 


One Response to IPSEC VPN with multiple endpoints

  1. Ayeesha says:

    Hi!

    What if your R1 and R2 are connected in the same LAN, say 192.168.10.x? So you will have just one ACL instead of 2 in R3, right? Will your configuration work the same way since MYMAP sequence 1 and sequence 2 will have the same ACL? Thanks!
