Wednesday, October 21, 2009

Site 2 Site IPSEC Tunnel CLI Config

Well, IPSEC tunnels tonight guys and gals! There are five phases that a router goes through when it builds an IPSEC tunnel:
  1. Define interesting traffic
  2. IKE Phase 1: ISAKMP SA is negotiated
  3. IKE Phase 2: IPSEC SA is negotiated
  4. Data is transmitted through the IPSEC tunnel
  5. Tunnel is torn down
The steps to get this thing going in the CLI are as follows:

SET ISAKMP POLICY
crypto isakmp policy [policy number] \\lowest number is tried first
authentication [pre-share, rsa-sig, rsa-encr]
encryption [aes, des, 3des]
group [1, 2, 5] \\defines DH group
hash [sha, md5]
lifetime [0-86400] \\default is 24 hours or 86400 seconds
crypto isakmp key 0 [key] address [peer ip] [no-xauth] \\0 = key typed in clear text; address is a keyword

SET IPSEC TRANSFORM SET
crypto ipsec transform-set [name] [encryption] [authentication] \\e.g. esp-aes esp-sha-hmac

DEFINE INTERESTING TRAFFIC
ip access-list extended 101
permit ip [source] [wildcard] [destination] [wildcard]

SET CRYPTO MAP
crypto map [name] [sequence num] ipsec-isakmp \\ipsec-isakmp is a keyword, not a placeholder
set peer [ip address]
set transform-set [t-set]
match address [access-list]

APPLY CRYPTO MAP TO INTERFACE
interface [outside interface]
crypto map [name]

IF NATTING!!!!
\\put a deny for [source] to [destination] at the top of the NAT access-list so tunnel traffic isn't translated before it hits the crypto map

VERIFY
show crypto isakmp sa \\Phase 1 SA
show crypto ipsec sa \\Phase 2 SA, encrypt/decrypt counters
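Here is the whole thing filled in for both ends, as an added example rather than config from the post itself. The addresses, the PSK placeholder and the names (VPN-MAP, TS-AES-SHA, VPN-TRAFFIC, NAT-TRAFFIC, GigabitEthernet0/0 and 0/1) are made up; it uses DH group 14, which IOS also accepts, instead of the 1/2/5 listed above.

```cisco
! ===== Router A: LAN 192.168.1.0/24, WAN 203.0.113.1 (constructed addresses) =====
! Phase 1 (ISAKMP) policy; the peer needs a matching one
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Pre-shared key for this peer; "0" means it is typed in clear text
crypto isakmp key 0 PLACEHOLDER_PSK address 198.51.100.1 no-xauth
! Phase 2 (IPsec) transform set: ESP with AES-256 and SHA-1 HMAC
crypto ipsec transform-set TS-AES-SHA esp-aes 256 esp-sha-hmac
! Interesting traffic: LAN A to LAN B (must be the exact mirror of router B's)
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
! NAT exemption: deny the tunnel traffic BEFORE the permit, or it is
! translated first and never matches the crypto ACL
ip access-list extended NAT-TRAFFIC
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list NAT-TRAFFIC interface GigabitEthernet0/0 overload
! Crypto map: peer + transform set + interesting traffic
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-AES-SHA
 match address VPN-TRAFFIC
! Apply the map to the WAN (outside) interface only
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 crypto map VPN-MAP
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! ===== Router B: LAN 192.168.2.0/24, WAN 198.51.100.1 =====
! Same policy / transform set / map names as above; only the lines that differ:
crypto isakmp key 0 PLACEHOLDER_PSK address 203.0.113.1 no-xauth
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended NAT-TRAFFIC
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-AES-SHA
 match address VPN-TRAFFIC
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 crypto map VPN-MAP
```

Nothing comes up until a packet matches VPN-TRAFFIC, so ping across the LANs and then check with the two show commands above: QM_IDLE in the isakmp output means Phase 1 is good, and rising #pkts encrypt/decrypt counters mean Phase 2 is passing traffic.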
