XSR User’s Guide 271
Chapter 11 Configuring a Simple VPN Site-to-Site Application
Configuring the Virtual Private Network
tunnel + Names a site-to-site VPN tunnel
set heartbeat + Enables and configures tunnel connectivity monitoring
set protocol (ipsec) + Selects a tunnel protocol
set active + Brings the tunnel up
set user + Designates the user name when initiating a tunnel and obtains credentials from the AAA subsystem
set peer + Sets the IP address of the peer
Configuring a Simple VPN Site-to-Site Application
The following main steps describe how to configure a simple Site-to-Site VPN
between two XSRs, as illustrated in Figure 48:
Encrypt Branch-site traffic on the 63.81.66.0/24 network to Central site networks (63.81.64.0/24, 63.81.68.0/24, 141.154.196.64/28)
Set up IPSec/IKE policy with pre-shared keys
Configure cryptographic algorithms (transform-sets) and IPSec mode
Configure the VPN interface and crypto maps
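An added example (not from the XSR guide) that models the protected-traffic pairs listed above with Python's ipaddress module: it builds the Branch and Central selector sets, checks that each side is the mirror of the other, and tests whether a given packet falls inside the protected ranges. The one-selector-per-Central-network layout and all function names are assumptions of this example.

```python
import ipaddress

# Networks taken from the page. Treating each Branch/Central pair as one
# selector is an assumption of this example, not the guide's own layout.
BRANCH = ipaddress.ip_network("63.81.66.0/24")
CENTRAL = [ipaddress.ip_network(n) for n in
           ("63.81.64.0/24", "63.81.68.0/24", "141.154.196.64/28")]


def selectors(local_nets, remote_nets):
    """Return the (source, destination) network pairs one site protects."""
    return [(loc, rem) for loc in local_nets for rem in remote_nets]


def mirrored(site_a, site_b):
    """True when every selector on one site has its reverse on the other."""
    return {(dst, src) for src, dst in site_a} == set(site_b)


def overlaps(sels):
    """Selector pairs whose source AND destination ranges both overlap."""
    found = []
    for i, (s1, d1) in enumerate(sels):
        for s2, d2 in sels[i + 1:]:
            if s1.overlaps(s2) and d1.overlaps(d2):
                found.append(((s1, d1), (s2, d2)))
    return found


def must_encrypt(sels, src, dst):
    """True when a packet leaving this site matches one of its selectors."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in sels)


branch_sels = selectors([BRANCH], CENTRAL)
central_sels = selectors(CENTRAL, [BRANCH])

if __name__ == "__main__":
    print("selectors mirrored:", mirrored(branch_sels, central_sels))
    print("overlapping selectors:", overlaps(branch_sels))
    # Constructed sample packets (source, destination) seen at the Branch site.
    for src, dst in [("63.81.66.10", "141.154.196.78"),
                     ("63.81.66.10", "141.154.196.80"),
                     ("63.81.66.10", "63.81.68.5")]:
        print(src, "->", dst, "protected:", must_encrypt(branch_sels, src, dst))
```

A packet that matches no selector is outside the tunnel policy, so the second sample (one address past the end of the /28) is the case worth checking before deployment.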
Figure 48 Site-to-Site Example
1 Generate a master encryption key as described in “Master Key Generation” on page 256. This need only be done once on the router.
2 Begin Central Site configuration of all necessary physical and system
requirements, including physical IP addresses, routing (default route and
RIP or OSPF), and standard ACLs. This example offers numerous options.
3 Configure Access Lists 120, 130, and 140 to define the particular traffic to
be protected by the tunnel. The ACLs allow a range of IP addresses on
[Figure 48 labels: Central Site and Branch Office, each with an XSR, connected across the Internet. Interfaces: FastEthernet 1 63.81.66.1; FastEthernet 2 1.1.1.1; FastEthernet 2 1.1.1.2; FastEthernet 1 141.154.196.78. Networks: 63.81.64.0/24, 63.81.68.0/24, 63.81.66.0/24]