CCIE SEC v6 LAN-to-LAN IPsec Tunnel
LAN-to-LAN IPsec Tunnel Between HQ and Branch Office
The example topology below shows HQ and Branch.

Configuration:

HQ Router

```
interface Ethernet0/0
 ip address 192.168.30.1 255.255.255.0
 duplex auto
!
interface Ethernet0/2
 ip address 20.20.20.2 255.255.255.252
 duplex auto
 crypto map mymap
!
crypto isakmp policy 10
 encr aes
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Cisco123 address 10.10.10.2
!
crypto map mymap 10 ipsec-isakmp
 set peer 10.10.10.2
 match address 101
!
!
ip route 0.0.0.0 0.0.0.0 20.20.20.1
!
!
access-list 101 permit ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
```

Branch Router

```
interface Ethernet0/0
 ip address 192.168.20.1 255.255.255.0
 duplex auto
!
interface Ethernet0/1
 ip address 10.10.10.2 255.255.255.252
 duplex auto
 crypto map mymap
!
crypto isakmp policy 10
 encr aes
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Cisco123 address 20.20.20.2
!
crypto map mymap 10 ipsec-isakmp
 set peer 20.20.20.2
 match address 101
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
```
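
The tunnel only comes up when the two routers' peer addresses, pre-shared key, ISAKMP policy and crypto ACLs agree or mirror each other. The Python check below is an added example, not part of the original lab: it runs over constructed, trimmed copies of the two configurations above, and `parse` and `mismatches` are hypothetical helper names.

```python
# Constructed sample: the page's two configs, trimmed to the tunnel-relevant lines.
TEMPLATE = """\
interface {ifname}
 ip address {wan} 255.255.255.252
 crypto map mymap
crypto isakmp policy 10
 encr aes
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Cisco123 address {peer}
crypto map mymap 10 ipsec-isakmp
 set peer {peer}
 match address 101
access-list 101 permit ip {local} 0.0.0.255 {remote} 0.0.0.255
"""
HQ = TEMPLATE.format(ifname="Ethernet0/2", wan="20.20.20.2", peer="10.10.10.2",
                     local="192.168.30.0", remote="192.168.20.0")
BRANCH = TEMPLATE.format(ifname="Ethernet0/1", wan="10.10.10.2", peer="20.20.20.2",
                         local="192.168.20.0", remote="192.168.30.0")

def parse(cfg):  # extract the values that must match or mirror between peers
    out, ip = {"policy": []}, None
    for line in cfg.splitlines():
        w = line.split()
        if line.startswith(" ip address"):
            ip = w[2]
        elif line.startswith(" crypto map"):
            out["wan"] = ip  # address of the interface the crypto map is applied to
        elif line.startswith(" set peer"):
            out["peer"] = w[2]
        elif line.startswith("crypto isakmp key"):
            out["psk"], out["psk_peer"] = w[3], w[5]
        elif line.startswith((" encr", " hash", " authentication", " group")):
            out["policy"].append(tuple(w))
        elif line.startswith("access-list 101 permit ip"):
            out["acl"] = (tuple(w[4:6]), tuple(w[6:8]))  # (source, destination)
    return out

def mismatches(cfg_a, cfg_b):
    """List the ways two peer configs disagree; an empty list means they line up."""
    a, b = parse(cfg_a), parse(cfg_b)
    checks = [
        (a["peer"] == a["psk_peer"] == b["wan"] and b["peer"] == b["psk_peer"] == a["wan"],
         "set peer / isakmp key address is not the remote crypto-map interface"),
        (a["psk"] == b["psk"], "pre-shared keys differ"),
        (a["policy"] == b["policy"], "isakmp policy 10 differs"),
        (a["acl"] == b["acl"][::-1], "crypto ACL 101 is not mirrored"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Calling `mismatches(HQ, BRANCH)` on the configurations as published returns an empty list; a changed DH group, key or ACL subnet on one side is reported by name.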
Testing
Initiate a ping from HQ to Branch:

Validation from HQ Router


Validation from Branch Router



Happy Labbing!