Steps to create IPSEC VPN:

  • define ISAKMP Policies
  • define ISAKMP preshared key (if authentication method is Pre-share)
  • define IPSEC Transform Sets
  • define IPSEC security associations
  • define interesting traffic through Proxy Identity (or crypto ACL)
  • link crypto ACL and IPSEC TS with a Crypto Map
  • put the crypto map under the Internet-facing interface

configuring IPSEC VPN between R2 and R3 There was a problem at first. Debug command helped see the error: debug crypto ipsec We look back at the configuration on both R2 and R3 and discover that “set transform-set” is missing on R3: crypto map

We corrected the problem and did a ping from R2 to R3. show crypto ipsec sa IPSEC VPN in area 34 I created an IPv4 IPSEC VPN between R3 and R4. This is IPv4.

show crypto map show crypto map Show crypto map interface show crypto map interface show crypto session show crypto session show crypto session detail show crypto session detail Show crypto ipsec sa interface show crypto ipsec sa interface

  • non-interesting traffic does not bring the VPN up. To prove that, we did a debug of ipsec on R3, and we issued a ping from a non interesting interface on R4: debug crypto ipsec ping crypto ipsec debug