VPN Lan to Lan, Router to Router IPsec Cisco 831 3DES

May 8, 2004
Hi all!

I did some Cisco programming in the past and it was so incredibly simple because I had the programming commands in batch files and all I had to do was edit the file with my specific information and paste it on the command prompt and it was done. Does anyone know where I can find some of these types of batch files or programming scripts? I no longer have access to my previous resources. I'm doing quite a simple thing. I'm making a Virtual Private Network between two Cisco 831 routers using 3DES and if I had one of these batch files or at least one that remotely looks like one, I could get some sleep this weekend. HELP! :)
Yes, but mine is sooooo easy that it's complicated. :) Firstly, I've never done 3DES encryption. I haven't even touched a router in three years!!

2 Cisco 831 routers. I need to make one VPN using 3DES encryption.

I need to edit this to make it match my equipment. I will put in parentheses what I THINK needs to be done on each line to make this into a file that I can paste at the router prompt, but I'm not sure. So, any clues would be helpful--put [ ] brackets around the clues so I'll know them when I see them. The parts with no comments I have no questions about. Thanks! :)


Router_A#write terminal (Delete this line_)
Building configuration... (Delete this line_)

Current configuration : 1638 bytes (Delete this line_)

!
version 12.3 (Delete this line_)

service timestamps debug datetime msec (Keep_)
service timestamps log datetime msec (Keep_)

no service password-encryption (Keep_)

!
hostname Router_A (put my router's name here)
!
boot system flash:c2691-ik9o3s-mz.123-1a.bin (??????Delete this line_ or use my system flash file name here???)

!
ip subnet-zero (Keep_)

!
ip audit notify log (Keep_)

ip audit po max-events 100 (Keep_)

no ftp-server write-enable (Keep_)

!
crypto isakmp policy 1 (Keep_)
encr 3des (I added this here myself_)
hash md5 (Keep_)

authentication pre-share (Keep_)

crypto isakmp key cisco123 address 95.95.95.2 (Where do I get my "pre-share" key from?????? Add the IP ADDRESS of the other router)
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac (Keep_)

!
crypto map rtp 1 ipsec-isakmp (what needs to go in that place that says rtp?????? I'm using router to router over DSL all ethernet internally) (Keep_)

set peer 95.95.95.2 (Address of the other router) (Keep_)

set transform-set rtpset (Keep_)


!--- Include the private network to private network traffic
!--- in the encryption process.

match address 115 (Where do I find out what address I'm trying to match????? I know that 115 needs to be edited but I don't know what to put there)
!
no voice hpi capture buffer (Keep_)

no voice hpi capture destination (Keep_)

!
interface FastEthernet0/0 (it's Gigabit Ethernet internally, but I think it's normal Ethernet from the DSL modem to the router; what should I use here?)

ip address 99.99.99.2 255.255.255.0 (I'm sure this is the address of the other router also????? Is it?)
ip nat outside (Keep_)

duplex auto (Keep_)

speed auto (Keep_)

crypto map rtp (Keep_ again, I know that rtp is the name of something but I don't know what)

!
interface FastEthernet0/1
ip address 10.50.50.50 255.255.255.0
ip nat inside
duplex auto
speed auto
!

!--- Except the private network traffic from the
!--- Network Address Translation (NAT) process.

ip nat inside source route-map nonat interface FastEthernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 99.99.99.1 (Do I use the gateway of the other computer here????)
!

!--- Except the private network traffic from the NAT process.

access-list 110 deny ip 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255
access-list 110 permit ip 10.50.50.0 0.0.0.255 any

!--- Include the private network to private network traffic
!--- in the encryption process.

access-list 115 permit ip 10.50.50.0 0.0.0.255 10.103.1.0 0.0.0.255
!

!--- Except the private network traffic from the NAT process.

route-map nonat permit 10
match ip address 110
!
dial-peer cor custom
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
end

Router_A#


Router B

Router_B#write terminal
Building configuration...
Current configuration : 1394 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_B
!
boot system flash:c2691-ik9o3s-mz.123-1a.bin
!
ip subnet-zero
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 99.99.99.2
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
!
crypto map rtp 1 ipsec-isakmp
set peer 99.99.99.2
set transform-set rtpset

!--- Include the private network to private network traffic
!--- in the encryption process.

match address 115
!
no voice hpi capture buffer
no voice hpi capture destination
!
interface FastEthernet0/0
ip address 95.95.95.2 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map rtp
!
interface FastEthernet0/1
ip address 10.103.1.75 255.255.255.0
ip nat inside
duplex auto
speed auto
!

!--- Except the private network traffic from the NAT process.

ip nat inside source route-map nonat interface FastEthernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 95.95.95.1
!

!--- Except the private network traffic from the NAT process.

access-list 110 deny ip 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255
access-list 110 permit ip 10.103.1.0 0.0.0.255 any

!--- Include the private network to private network traffic
!--- in the encryption process.

access-list 115 permit ip 10.103.1.0 0.0.0.255 10.50.50.0 0.0.0.255
!

!--- Except the private network traffic from the NAT process.

route-map nonat permit 10
match ip address 110
!
dial-peer cor custom
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
end
Router_B#
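An added Python helper (my own, not from this thread or from Cisco) that does what the poster's old batch files did: it renders the crypto and NAT-exemption lines for both routers from one parameter set and then checks that the two halves mirror each other (peer and pre-shared-key address are the other router's WAN address; ACL 115 on each side is the other side's with source and destination swapped). It assumes the sample addresses from the posted template and uses `esp-3des` in the transform set to match the 3DES the poster wants.

```python
from textwrap import dedent
# Constructed sample values copied from the posted template (not real sites).
SITE_A = {"host": "Router_A", "wan": "99.99.99.2", "gw": "99.99.99.1",
          "lan": "10.50.50.0", "wild": "0.0.0.255"}
SITE_B = {"host": "Router_B", "wan": "95.95.95.2", "gw": "95.95.95.1",
          "lan": "10.103.1.0", "wild": "0.0.0.255"}
PSK = "cisco123"  # the template's placeholder; use a long random secret in practice

def render(local, remote, psk=PSK):
    """Crypto/NAT-exemption lines for `local`, pointing at `remote`.
    wan = this router's own outside address; the peer/key address and the
    far side of ACL 115 come from the *other* router."""
    l, r = local, remote
    return dedent(f"""\
        hostname {l['host']}
        crypto isakmp policy 1
         encr 3des
         hash md5
         authentication pre-share
        crypto isakmp key {psk} address {r['wan']}
        crypto ipsec transform-set rtpset esp-3des esp-md5-hmac
        crypto map rtp 1 ipsec-isakmp
         set peer {r['wan']}
         set transform-set rtpset
         match address 115
        access-list 110 deny ip {l['lan']} {l['wild']} {r['lan']} {r['wild']}
        access-list 110 permit ip {l['lan']} {l['wild']} any
        access-list 115 permit ip {l['lan']} {l['wild']} {r['lan']} {r['wild']}
        ip route 0.0.0.0 0.0.0.0 {l['gw']}
        """).splitlines()

def acl(lines, num=115):
    """[src, wildcard, dst, wildcard] for each permit entry of ACL `num`."""
    return [ln.split()[4:] for ln in lines
            if ln.startswith(f"access-list {num} permit ip")]

def field(lines, prefix):
    """Last token of the first line beginning with `prefix`, else None."""
    return next((ln.split()[-1] for ln in lines
                 if ln.strip().startswith(prefix)), None)

def consistent(cfg_a, cfg_b, site_a, site_b):
    """Crypto ACLs mirror each other, and each side's peer and pre-shared-key
    address are the other router's WAN address (the points the post asks about)."""
    a, b = acl(cfg_a), acl(cfg_b)
    mirror = len(a) == len(b) and all(x == y[2:] + y[:2] for x, y in zip(a, b))
    peer_a = field(cfg_a, "set peer") == field(cfg_a, "crypto isakmp key") == site_b["wan"]
    peer_b = field(cfg_b, "set peer") == field(cfg_b, "crypto isakmp key") == site_a["wan"]
    return mirror and peer_a and peer_b
```

Run `render(SITE_A, SITE_B)` for Router A and `render(SITE_B, SITE_A)` for Router B, and paste the output into config mode only after `consistent()` returns True for the pair.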

