VPN Configuration

Implement IKE (Internet Key Exchange) parameters
    R1(config)# crypto isakmp enable
Must be done on both routers

Establish ISAKMP (Internet Security Association and Key Management Protocol)
    R1(config)# crypto isakmp policy <policy number>
Must be done on both routers

Configure policy parameters
    R1(config)# crypto isakmp policy <policy number>
    R1(config-isakmp)# authentication pre-share
    R1(config-isakmp)# encryption aes 256
    R1(config-isakmp)# hash sha
    R1(config-isakmp)# group 5
    R1(config-isakmp)# lifetime 3600
    R1(config-isakmp)# end

Verify IKE policy
    R1# show crypto isakmp policy

Configure pre-shared keys
    R1(config)# crypto isakmp key <preshared key> address <R3 ip address>
    R3(config)# crypto isakmp key <preshared key> address <R1 ip address>

Configure IPsec transform set
    R1(config)# crypto ipsec transform-set <tag number> <parameters>
Must be done on both routers
e.g.
    R1(config)# crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
    R1(cfg-crypto-trans)# exit

Change IPsec security association lifetime
    R1(config)# crypto ipsec security-association lifetime seconds 1800

Define traffic for VPN
    R1(config)# access-list 101 permit ip <source network> <dest network>

Create and apply crypto map
    R1(config)# crypto map <name> <policy num> <type>
    R1(config-crypto-map)# match address <acl number>
    R1(config-crypto-map)# set peer <remote ip address>
    R1(config-crypto-map)# set pfs <type>
    R1(config-crypto-map)# set transform-set <tag number>
    R1(config-crypto-map)# set security-association lifetime seconds <time>
    R1(config-crypto-map)# exit
e.g.
    R3(config)# crypto map CMAP 10 ipsec-isakmp
    R3(config-crypto-map)# match address 101
    R3(config-crypto-map)# set peer 10.1.1.1
    R3(config-crypto-map)# set pfs group5
    R3(config-crypto-map)# set transform-set 50
    R3(config-crypto-map)# set security-association lifetime seconds 900
    R3(config-crypto-map)# exit

Apply crypto map to interface
    R1(config)# interface S0/0/0
    R1(config-if)# crypto map <name>
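
Several steps above have to be repeated on both routers with matching values, and the pre-shared key, peer address and traffic ACL have to line up between R1 and R3. The following is an added example, not part of the original sheet: a small Python check that compares two saved configurations for those settings. The function names, the key, policy number 10, R3's address (10.2.2.1) and the LAN networks are assumptions made up for illustration; 10.1.1.1 for R1 comes from the crypto map example above.

```python
import re

# Constructed sample config: the key, R3's address and the LAN networks are made up.
TEMPLATE = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes 256
 hash sha
 group {group}
crypto isakmp key EXAMPLE-KEY address {peer}
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
access-list 101 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
crypto map CMAP 10 ipsec-isakmp
 match address 101
 set peer {peer}
 set pfs group5
 set transform-set 50
"""
R1 = TEMPLATE.format(group=5, peer="10.2.2.1", src="192.168.1.0", dst="192.168.3.0")
R3_OK = TEMPLATE.format(group=5, peer="10.1.1.1", src="192.168.3.0", dst="192.168.1.0")
R3_BAD = TEMPLATE.format(group=2, peer="10.1.1.1", src="192.168.1.0", dst="192.168.3.0")

def _find(pattern, cfg):
    m = re.search(pattern, cfg, re.M)
    return m.group(1).strip() if m else None

def parse(cfg):  # pull out the settings the two peers have to agree on
    acl = re.search(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)", cfg, re.M)
    return {
        "ike": {k: _find(rf"^ {k} (.+)$", cfg)
                for k in ("authentication", "encryption", "hash", "group")},
        "psk": _find(r"^crypto isakmp key (\S+) address", cfg),
        "transform": _find(r"^crypto ipsec transform-set \S+ (.+)$", cfg),
        "pfs": _find(r"^ set pfs (\S+)", cfg),
        "peer": _find(r"^ set peer (\S+)", cfg),
        "acl": (acl.group(1), acl.group(2)) if acl else None,
    }

def compare(a_cfg, b_cfg, a_addr, b_addr):  # returns mismatches; empty list = consistent
    a, b = parse(a_cfg), parse(b_cfg)
    problems = [f"{k} mismatch" for k in ("ike", "psk", "transform", "pfs") if a[k] != b[k]]
    if a["acl"] is None or b["acl"] is None or a["acl"] != b["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    if a["peer"] != b_addr or b["peer"] != a_addr:
        problems.append("set peer does not point at the other router")
    return problems

if __name__ == "__main__":
    for r3 in (R3_OK, R3_BAD):
        print(compare(R1, r3, "10.1.1.1", "10.2.2.1"))
```

The report names the mismatched field without printing the pre-shared key, so its output can be pasted into a ticket.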
