Hi Frnz..hre u can c how to config a site-site vpn
Configuration Of R1 (Cust Site A) :hostname CusSite-A
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
username cisco123 privilege 15 password 0 cisco123
!
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 172.16.1.2
!
!
crypto ipsec transform-set mk esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to172.16.1.2
set peer 172.16.1.2
set transform-set mk
match address 100
!
!
!
!
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface Serial0/0
ip address 10.1.1.1 255.255.255.0
serial restart-delay 0
crypto map SDM_CMAP_1
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0 10.1.1.2
ip route 172.16.2.0 255.255.255.0 10.1.1.2
!
!
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 172.16.2.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login local
transport input ssh
!
!
end
-----------------------------------------------------------
Configuration of R2 (ISP) :
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
interface Serial0/0
ip address 10.1.1.2 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
ip address 172.16.1.1 255.255.255.0
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
ip http server
no ip http secure-server
ip route 172.16.2.0 255.255.255.0 Serial0/1 172.16.1.2
ip route 192.168.1.0 255.255.255.0 Serial0/0 10.1.1.1
ip route 192.168.2.0 255.255.255.0 Serial0/0 10.1.1.1
!
!
!
!
!
!
control-plane
!
!
!!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
-------------------------------------------
Config of R3 (Cus Site B) :!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CusSite-B
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
username cisco123 privilege 15 password 0 cisco123
!
!
!
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 10.1.1.1
!
!
crypto ipsec transform-set mk esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
set peer 10.1.1.1
set transform-set mk
match address SDM_1
!
!
!
!
interface Loopback0
ip address 172.16.2.1 255.255.255.0
!
interface Serial0/0
ip address 172.16.1.2 255.255.255.0
serial restart-delay 0
no fair-queue
crypto map SDM_CMAP_1
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0 172.16.1.1
!
!
!
!
ip access-list extended SDM_1
remark SDM_ACL Category=4
remark IPSec Rule
permit ip 172.16.2.0 0.0.0.255 192.168.2.0 0.0.0.255
!
!
!
control-plane
!
!!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
Packet Capture Output
R1 Debug Output
Thank You......
............Ur's
MK