Cisco SMB Support Assistant
Configure Site to Site VPN on Cisco Routers using SDM




Introduction

This document explains how to configure a site-to-site (LAN-to-LAN) VPN connection between two routers. It applies to Cisco 1800, 2800 and 3800 series Integrated Services Routers.





Requirements

To perform the steps described in this document, you need to have these items:

  • You must have completed the Configure Your Router with Security Device Manager document.

  • You must have completed the Set Up Internet Security on a Cisco Router document.

  • A router that runs an advanced image of Cisco IOS Software Release 12.3(6)T or later.

  • Cisco Router and Security Device Manager (SDM) - version 2.3.1 or later.

  • Completed Worksheets from the Site Survey:

    • Internet Worksheet

    • LAN Addressing Worksheet

      Note: This document uses examples from SDM version 2.4. Other versions of SDM display different output.





Connect to Router using SDM

Open a web browser and type http://router-IP-address in the Address field. Use the IP address that you entered in field L6A of the LAN Addressing Worksheet. Press Enter to launch SDM. For more information about how to launch SDM, refer to Configure Your Router with Security Device Manager.





Configure the Router using SDM

Follow these steps to set up a site-to-site VPN on your router:

  1. Click Configure.

  2. Click VPN.

  3. Click Site-to-Site VPN from the VPN menu and select Create a Site to Site VPN.

    Click Launch the selected task.

    A new window displays two options for site-to-site VPN configuration: Quick setup and Step by step wizard.

    Note: The Quick setup method uses SDM default parameters for the tunnel, whereas the Step by step wizard lets you specify your own tunnel parameters.

Quick Setup method to configure Site to Site VPN

Follow these steps to configure the VPN in SDM using the Quick setup method:

  1. Select the Quick setup method and click Next.

  2. Follow these steps to enter the VPN Connection Information:

    • Select the interface of the local router for the VPN connection.

    • Enter the remote peer router’s IP address.

    • Select the Authentication method.

    • Select the local router’s interface that is connected to the network or device whose traffic is to be encrypted.

    • Enter the destination IP address and subnet mask where the traffic terminates.

    Click Next.

  3. Check the summary of the configuration to be delivered to the router.

    Note: If you want to test the VPN connection after the configuration, make sure that the peer router is configured properly, then select the Test VPN connectivity after configuring check box.

    Click Finish.

  4. A Confirmation Delivery Status window is displayed.

    Click OK.

  5. Click Start if you selected the Test VPN connectivity after configuring option. A confirmation message window appears if the test completes successfully.

Step by step method to configure Site to Site VPN

Follow these steps to configure the VPN in SDM using the Step by step method:

  1. Select the Step by step wizard option to configure the site-to-site VPN.

    Click Next.

  2. Follow these steps to enter the VPN Connection Information:

    • Select the local router’s interface for the VPN connection.

    • Enter the remote peer router’s IP address.

    • Select the Authentication method.

    Click Next.

  3. To manually configure IKE proposals, click Add; otherwise, click Next to use the SDM default proposals.

    Configure the IKE policy by entering the necessary information in the Add IKE Policy window, then click OK.

    Note: The Add IKE Policy window is displayed only when you click Add.

    Click Next.

  4. To manually configure transform sets, click Add; otherwise, click Next to use the SDM default transform sets.

    Enter a name for the transform set, select the integrity and encryption algorithms, and click OK.

    Note: The Edit Transform Set window is displayed only when you click Add.

    Click Next.

  5. Select the traffic to be encrypted by using either of the two methods:

    • Protect all traffic between the following subnets

    • Create/Select an access-list for IPSec traffic

    In the first method:

    • Select Protect all traffic between the following subnets to encrypt all the traffic between two networks or hosts.

    • Enter the IP addresses and subnet masks.

      Click Next.

    In the second method:

    • Click Create/Select an access-list for IPSec traffic to specify the type of traffic to be encrypted. Select Create a new rule (ACL) from the drop-down menu.

    • Specify the name of the rule and its description in the Add a Rule window.

      Click Add.

    • Specify the details for the type of traffic to be protected in the Add an Extended Rule Entry window.

      Click OK.

    • To add more entries, click Add; otherwise, click Next.

      Click OK.

  6. Check the summary of the configuration to be delivered to the router.

    Note: If you want to test the VPN connection after the configuration, make sure that the peer router is configured properly, then select the Test VPN connectivity after configuring check box.

    Click Finish.

  7. A Confirmation Delivery Status window is displayed.

    Click OK.

  8. Click Start if you selected the Test VPN connectivity after configuring option. A confirmation message window appears if the test completes successfully.
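
For reviewing what ends up in the running configuration, the following is an added example (not part of the original document and not SDM output) of IOS CLI configuration that corresponds to steps 2 through 5 of the Step by step wizard, assuming pre-shared key authentication. The addresses (documentation ranges), the names EXAMPLE-SET and EXAMPLE-MAP, ACL number 101, the interface and the algorithm choices are all assumptions, and <PRE-SHARED-KEY> is a placeholder.

```cisco
! ---- LOCAL router (constructed example values) ----
!
! Step 3: IKE policy (encryption, hash, authentication, D-H group)
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
!
! Step 2: remote peer address and the key shared with that peer
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
!
! Step 4: transform set (encryption and integrity algorithm)
crypto ipsec transform-set EXAMPLE-SET esp-aes 256 esp-sha-hmac
!
! Step 5: traffic to encrypt, local subnet -> remote subnet
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! On the CLI a crypto map ties peer, transform set and ACL together
! and is applied to the interface chosen for the VPN connection
crypto map EXAMPLE-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set EXAMPLE-SET
 match address 101
!
interface FastEthernet0/0
 crypto map EXAMPLE-MAP
!
! ---- PEER router ----
! Same IKE policy, key and transform set as above. The peer address
! points back at the local router and the ACL is the mirror image
! (source and destination subnets swapped).
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto map EXAMPLE-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set EXAMPLE-SET
 match address 101
```

If the IKE policy, key or transform set differs between the two routers, or the access lists are not mirror images, the connectivity test in the last step is expected to fail.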





Next Step

You have now configured Site to Site VPN on your router.

To make further changes to your router, refer to the Router Support Page.

To configure other devices in your network, refer to the Configuration Overview Page.

To check your VPN connection, refer to Verify VPN connections on IOS Routers using CLI and SDM.





Troubleshoot the Procedure

This section provides information about common problems that you may encounter. If this information does not solve your problem, contact the SMB Technical Assistance Center (SMB TAC) for assistance.

Problem: You have configured the passwords but are unable to log in to the router.
Cause(s) and Suggested Solution(s): Perform password recovery. Refer to Manually Reset the Password on a Cisco Router.

Problem: You are unable to connect to the router with Security Device Manager (SDM).
Cause(s) and Suggested Solution(s): Refer to Configure Your Router with Security Device Manager.




© 1992-2006 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.