Router A ! crypto isakmp policy 1 hash md5 authentication pre-share crypto isakmp key cisco123 address Router B's serial Interface crypto isakmp keepalive 120 30 ! ! crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
! crypto map to_vpn 10 ipsec-isakmp set peer Router B's Serial Interface set transform-set to_vpn match address 101 ! ! ! ! interface FastEthernet0 description Network A ip address a.a.a.a 255.255.255.0 ip nat inside speed auto half-duplex ! interface Serial0 description Internet Line ip address ip nat outside no fair-queue crypto map to_vpn ! ip nat inside source list 110 interface serial0 overload ip classless ip route 0.0.0.0 0.0.0.0 ISP's gateway no ip http server ip pim bidir-enable ! access-list 101 permit ip a.a.a.a 0.0.0.255 b.b.b.b 0.0.0.255 access-list 110 deny ip a.a.a.a 0.0.0.255 b.b.b.b 0.0.0.255 access-list 110 permit ip a.a.a.a 0.0.0.255 any !
Router B
! crypto isakmp policy 1 hash md5 authentication pre-share crypto isakmp key cisco123 address Router A's serial Interface crypto isakmp keepalive 10 2 ! ! crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac
! crypto map to_vpn 10 ipsec-isakmp set peer Router A's Serial Interface set transform-set to_vpn match address 101 ! ! ! ! interface FastEthernet0 description Network B ip address b.b.b.b 255.255.255.0 ip nat inside speed auto half-duplex ! interface Serial0 description Internet Line ip address ip nat outside no fair-queue crypto map to_vpn ! ip nat inside source list 110 interface serial0 overload ip classless ip route 0.0.0.0 0.0.0.0 ISP's gateway no ip http server ip pim bidir-enable ! access-list 101 permit ip b.b.b.b 0.0.0.255 a.a.a.a 0.0.0.255 access-list 110 deny ip b.b.b.b 0.0.0.255 a.a.a.a 0.0.0.255 access-list 110 permit ip b.b.b.b 0.0.0.255 any !
Here is a very basic config for a vpn between two routers.