Published by Keyboard Banger on

Steps to create IPSEC VPN:
– define ISAKMP Policies
– define ISAKMP preshared key (if authentication method is Pre-share)
– define IPSEC Transform Sets
– define IPSEC security associations
– define interesting traffic through Proxy Identity (or crypto ACL)
– link crypto ACL and IPSEC TS with a Crypto Map
– put the crypto map under the Internet-facing interface

configuring IPSEC VPN between R2 and R3
There was a problem at first. Debug command helped see the error:
We look back at the configuration on both R2 and R3 and discover that “set transform-set” is missing on R3:

We corrected the problem and did a ping from R2 to R3.

IPSEC VPN in area 34
I created an IPv4 IPSEC VPN between R3 and R4. This is IPv4.

show crypto map

Show crypto map interface …
show crypto session

show crypto session detail

Show crypto ipsec sa interface …

– non-interesting traffic does not bring the VPN up. To prove that, we did a debug of ipsec on R3, and we issued a ping from a non interesting interface on R4:

Keyboard Banger

Keyboard Banger is a network engineer from Africa. He has been working in network support and administration since 2008. He started writing study notes about certification exams and technology topics a couple of years ago. When he's not writing articles, he can be found wandering on technical forums.


Leave a Reply

Your email address will not be published. Required fields are marked *