Creating an Encrypted Router-to-Router VPN in a GRE Tunnel
Problem
You want to create an encrypted VPN through the Internet by connecting two routers using preshared keys.
Solution
In this example, we show how to use IPSec to encrypt traffic from router to another through a GRE tunnel. Here is the configuration of the first router:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#crypto isakmp policy
Router1(config-isakmp)#
10
encr aes
Router1(config-isakmp)#
256
authentication pre-share
Router1(config-isakmp)#group
Router1(config-isakmp)#
2
exit
Router1(config)#crypto isakmp key
TUNNELKEY01
address
172.16.2.1
no-xauth
Router1(config)#crypto ipsec transform-set
TUNNEL-TRANSFORM
ah-sha-hmac esp-aes 256
Router1(cfg-crypto-trans)#mode transport
Router1(cfg-crypto-trans)#exit
Router1(config)#crypto map
TUNNELMAP 10
ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured. Router1(config-crypto-map)#set peer
Router1(config-crypto-map)#
172.16.2.1
set transform-set
Router1(config-crypto-map)#
TUNNEL-TRANSFORM
match address
Router1(config-crypto-map)#
102
exit
Router1(config)#access-list
102
permit gre host
172.16.1.1
host
Router1(config)#
172.16.2.1
interface
Router1(config-if)#
Tunnel1
ip address
Router1(config-if)#
192.168.1.1 255.255.255.252
tunnel source
Router1(config-if)#
172.16.1.1
tunnel destination
Router1(config-if)#
172.16.2.1
exit
Router1(config)#interface
FastEthernet0/0 ...
Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.