CCIE SEC v6 LAN-to-LAN IPsec Tunnel

LAN-to-LAN IPsec Tunnel Between HQ and Branch Office

The example topology below consists of an HQ router and a Branch router.

Configuration:

HQ Router

interface Ethernet0/0
 ip address 192.168.30.1 255.255.255.0
 duplex auto
!
interface Ethernet0/2
 ip address 20.20.20.2 255.255.255.252
 duplex auto
 crypto map mymap
!
crypto isakmp policy 10
 encr aes
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Cisco123 address 10.10.10.2
!
crypto map mymap 10 ipsec-isakmp
 set peer 10.10.10.2
 match address 101
!
!
ip route 0.0.0.0 0.0.0.0 20.20.20.1
!
!
access-list 101 permit ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255

Branch Router

interface Ethernet0/0
 ip address 192.168.20.1 255.255.255.0
 duplex auto
!
interface Ethernet0/1
 ip address 10.10.10.2 255.255.255.252
 duplex auto
 crypto map mymap
!
crypto isakmp policy 10
 encr aes
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Cisco123 address 20.20.20.2
!
crypto map mymap 10 ipsec-isakmp
 set peer 20.20.20.2
 match address 101
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
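
The two configurations only bring the tunnel up if the ISAKMP policy and pre-shared key are identical, each side's peer address is the other side's crypto-map interface, and the two crypto ACLs mirror each other. The script below is an added example, not part of the original lab, that checks those conditions offline; the function names parse and mismatches are hypothetical, and each sample string is trimmed to the crypto-facing interface so the first "ip address" line is the tunnel endpoint.

```python
import re

# Crypto-relevant lines copied from this page's HQ and Branch configurations.
HQ = """interface Ethernet0/2
 ip address 20.20.20.2 255.255.255.252
crypto isakmp policy 10
 encr aes
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Cisco123 address 10.10.10.2
crypto map mymap 10 ipsec-isakmp
 set peer 10.10.10.2
 match address 101
access-list 101 permit ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255"""
BRANCH = """interface Ethernet0/1
 ip address 10.10.10.2 255.255.255.252
crypto isakmp policy 10
 encr aes
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key Cisco123 address 20.20.20.2
crypto map mymap 10 ipsec-isakmp
 set peer 20.20.20.2
 match address 101
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255"""

def parse(cfg):
    # Extract the values that must be identical or mirrored between the peers.
    one = lambda pat: re.search(pat, cfg, re.M).groups()
    key, key_peer = one(r"^crypto isakmp key (\S+) address (\S+)")
    acl_id = one(r"^\s*match address (\d+)")[0]
    return {"policy": re.findall(r"^\s*(encr|hash|authentication|group) (\S+)", cfg, re.M),
            "key": key, "key_peer": key_peer,
            "map_peer": one(r"^\s*set peer (\S+)")[0], "wan": one(r"^\s*ip address (\S+)")[0],
            "acl": one(rf"^access-list {acl_id} permit ip (\S+ \S+) (\S+ \S+)")}

def mismatches(cfg_a, cfg_b):
    # Return the list of problems that would keep the tunnel from forming.
    a, b, out = parse(cfg_a), parse(cfg_b), []
    for field in ("policy", "key"):
        if a[field] != b[field]:
            out.append(f"{field} differs between peers")
    for name, x, y in (("first", a, b), ("second", b, a)):
        if not x["key_peer"] == x["map_peer"] == y["wan"]:
            out.append(f"{name} config: peer address is not the other side's crypto interface")
    if a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    return out
```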

Testing

Initiate the ping from HQ to Branch:

Validation from HQ Router

Validation from Branch Router

Happy Labbing!