There are a lot of different ways to configure VPNs on your router. What I am going to do here is add a straight VPN connection between the Corp and R3 routers.
After clicking on VPN in the Tasks bar, I clicked Site-to-Site VPN and received the Create Site to Site VPN tab.
I selected Create a Site to Site VPN and then clicked Launch the Selected Task to get the Site to Site VPN screen.
I clicked View Defaults and took a peek at what the router was going to configure:
After clicking Close, I clicked Next to receive the VPN Connection Information screen:
I added the static IP address of my peer router (R3), added a pre-shared key, chose my source address of the Corp router, and the destination address, which happens to be the same address as my peer router (R3). I then clicked Next.
I received a summary of the VPN configuration running IPSec. Whew…man, before SDM, I always had to configure VPNs with IPSec by default. This is so easy! I clicked Finish. OK, the best part is coming up! I received this next screen from the SDM.
It’s asking if it’s OK to test the VPN connection. I clicked Yes, of course. SDM then returned another screen asking me for the source and destination addresses and also asking if I wanted to generate traffic or let SDM generate it. I chose to let SDM.
I receive a response from SDM telling me there was a problem with the link and asked if SDM could fix it for me….umm…okay, sure! Once I did that I received this screen.
So, it found a problem and fixed it for me. It’s like having my very own advanced tech support elf—sweet! Man, SDM would be worth the money just for this feature alone! Let’s take a look at the Corp router’s running-config and see what was uploaded to the router’s config:
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 10.1.5.2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to10.1.5.2
set peer 10.1.5.2
set transform-set ESP-3DES-SHA
match address 104
!
interface Serial0/2/0
[output cut]
crypto map SDM_CMAP_1
!
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.1.5.0 0.0.0.255 10.1.5.0 0.0.0.255
!
Yikes! Is this something you think you’d want to try and get working on your own without the help of our tech support elf-genius? The answer is a resounding no! I’ve done it for years, and it is no day at the beach.
Since we can now do the hardest of hardest configurations easily using SDM elves, why stop now? Let’s add some QoS!
After clicking on VPN in the Tasks bar, I clicked Site-to-Site VPN and received the Create Site to Site VPN tab.
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 10.1.5.2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to10.1.5.2
set peer 10.1.5.2
set transform-set ESP-3DES-SHA
match address 104
!
interface Serial0/2/0
[output cut]
crypto map SDM_CMAP_1
!
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.1.5.0 0.0.0.255 10.1.5.0 0.0.0.255
!
Yikes! Is this something you think you’d want to try and get working on your own without the help of our tech support elf-genius? The answer is a resounding no! I’ve done it for years, and it is no day at the beach.
Since we can now do the hardest of hardest configurations easily using SDM elves, why stop now? Let’s add some QoS!
No comments:
Post a Comment