# IPsec Site-to-Site VPN using pre-shared-key
###### tags: `cisco` `vpn` `ipsec`

Configure an IPsec site-to-site VPN using a pre-shared key on a Cisco router.

Reference:
- http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfike.html
- http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfipsec.html

```
-----------------------------------------
1. create IKE policies
-----------------------------------------
#crypto isakmp enable
#crypto isakmp policy <priority>
#authentication <pre-share | rsa-sig | rsa-encr(pre-share)>
#encryption <des | 3des>
#hash <sha | md5>
#group <1 | 2>
#lifetime <seconds>

-----------------------------------------
2. configure pre-share key
-----------------------------------------
#crypto isakmp key <keystring> address <peer-address>

-----------------------------------------
3. configure IPsec transform set and lifetime
-----------------------------------------
#crypto ipsec transform-set <transform-set-name> <esp-des> <esp-md5-hmac>
#crypto ipsec security-association lifetime seconds <seconds>

-----------------------------------------
4. define interesting traffic
-----------------------------------------
#access-list <number ID> permit ip <source network IP> <wildcard mask> <destination network IP> <wildcard mask>

-----------------------------------------
5. create and apply crypto maps
-----------------------------------------
#crypto map <map name> <sequence number> ipsec-isakmp
#match address <access list ID>
#set peer <hostname | ip-address>
#set pfs <group1 | group2>
#set transform-set <transform-set-name1 ...transform-set-name#>
#set security-association lifetime seconds <seconds>
#interface <outside interface>
#crypto map <map name>

-----------------------------------------
6. verify configuration and operation
-----------------------------------------
#show crypto ipsec transform-set
#show crypto map
#show crypto isakmp policy
#show crypto isakmp sa
#show crypto ipsec sa
```
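
An added example, not part of the original note: a small Python check that reads an IOS-style configuration built from steps 1 to 5 and reports weak algorithm choices, a wildcard pre-shared key, and crypto map references to an access list or transform set that is not defined. The sample configuration, its names and addresses, and the list of keywords treated as weak are assumptions of this example; `address 0.0.0.0 0.0.0.0` uses the optional mask argument of `crypto isakmp key`, which the note does not show.

```python
import re

# Constructed, abridged sample config following steps 1-5; every value is made up.
SAMPLE = """\
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 1
crypto isakmp key EXAMPLE-KEY address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS1 esp-des esp-md5-hmac
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
crypto map VPNMAP 10 ipsec-isakmp
 match address 102
 set pfs group2
 set transform-set TS2
interface FastEthernet0/0
"""

# Assumption of this example: the settings below are the ones treated as weak.
WEAK = {"encryption des", "hash md5", "group 1", "group 2",
        "set pfs group1", "set pfs group2"}
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac"}

def audit(config):
    """Return sorted findings: weak crypto, wildcard key, dangling references."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    acls = {ln.split()[1] for ln in lines if ln.startswith("access-list ")}
    tsets = {ln.split()[3] for ln in lines if ln.startswith("crypto ipsec transform-set ")}
    defined = {ln.split()[2] for ln in lines if re.fullmatch(r"crypto map \S+ \d+ ipsec-isakmp", ln)}
    applied = {ln.split()[2] for ln in lines if re.fullmatch(r"crypto map \S+", ln)}
    out = set()
    for ln in lines:
        w = ln.split()
        if ln in WEAK:
            out.add(f"weak: {ln}")
        elif ln.startswith("crypto ipsec transform-set "):
            out.update(f"weak transform: {t}" for t in w[4:] if t in WEAK_TRANSFORMS)
        elif ln.startswith("crypto isakmp key ") and w[-2:] == ["0.0.0.0", "0.0.0.0"]:
            out.add("pre-shared key accepted from any peer address")
        elif ln.startswith("match address ") and w[2] not in acls:
            out.add(f"crypto map references undefined access-list {w[2]}")
        elif ln.startswith("set transform-set "):
            out.update(f"undefined transform-set {t}" for t in w[2:] if t not in tsets)
    out.update(f"crypto map {m} not applied to an interface" for m in defined - applied)
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The check works on saved configuration text only; negotiated state still has to be confirmed with the `show crypto isakmp sa` and `show crypto ipsec sa` commands from step 6.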