Cisco site to site VPN Configuration Cheatsheet

Please find enclosed the cisco site to site VPN configuration in a nutshell. These basic commands would help in configuring a site to site VPN setup. This can also assist in troubleshooting vpn issues.

VPN Configuration Steps:

sysopt connection permit-ipsec
Phase I
isakmp enable outside
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
iaskmp policy 10 authentication pre-share or rsa-sig
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

isakmp key abc123 address 192.168.1.2 netmask 255.255.255.255
isakmp identity address

show isakmp policy
show isakmp

Phase 2
access-list 101 permit ip 10.0.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list 101
crypto ipsec transform-set customer1 esp-des esp-sha-hmac

crypto map PIX1MAP 10 ipsec-isakmp
crypto map PIX1MAP 10 match address 101
crypto map PIX1MAP 10 set peer 192.168.2.1
crypto map PIX1MAP 10 set transform-set customer1
crypto map PIX1MAP 10 set security-association lifetime seconds 28800
crypto map PIX1MAP 10 set pfs group1
crypto map PIX1MAP interface outside

crypto dynamic-map dynamic-map-name dynamic-seq-num

show crypto map
show isakmp
show isakmp policy
show access-list
show crypto ipsec transform-set
show crypto map

clear crypto ipsec sa
clear crypto isakmp sa
debug crypto ipsec
debug crypto isakmp