Configure Site-to-Site VPN with Cisco IOS Configure IPsec VPN Settings on R1 and R3 Verify connectivity from the R1 LAN to the R3 LAN Enable IKE policies on R1 and R3 R1(config)# crypto isakmp enable R3(config)# crypto isakmp enable R1(config)# crypto isakmp policy 10 Configure the IKE Phase 1 ISAKMP policy on R1 and R3 R1(config)# crypto isakmp policy 10 R1(config-isakmp)# hash sha R1(config-isakmp)# authentication pre-share R1(config-isakmp)# group 14 R1(config-isakmp)# lifetime 3600 R1(config-isakmp)# encryption aes 256 R1(config-isakmp)# end R3(config)# crypto isakmp policy 10 R3(config-isakmp)# hash sha R3(config-isakmp)# authentication pre-share R3(config-isakmp)# group 14 R3(config-isakmp)# lifetime 3600 R3(config-isakmp)# encryption aes 256 R3(config-isakmp)# end Configure pre-shared keys. R1(config)# crypto isakmp key cisco123 address 10.2.2.1 R3(config)# crypto isakmp key cisco123 address 10.1.1.1 Configure the IPsec transform set and lifetime. R1(config)# crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac R3(config)# crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac R1(config)# crypto ipsec security-association lifetime seconds 1800 R3(config)# crypto ipsec security-association lifetime seconds 1800 Define interesting traffic R1(config)# access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 R3(config)# access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 Create and apply a crypto map. R1(config)# crypto map CMAP 10 ipsec-isakmp R1(config-crypto-map)# match address 101 R1(config-crypto-map)# set peer 10.2.2.1 R1(config-crypto-map)# set pfs group14 R1(config-crypto-map)# set transform-set 50 R1(config-crypto-map)# set security-association lifetime seconds 900 R3(config)# crypto map CMAP 10 ipsec-isakmp R3(config-crypto-map)# match address 101 R3(config-crypto-map)# set peer 10.1.1.1 R3(config-crypto-map)# set pfs group14 R3(config-crypto-map)# set transform-set 50 R3(config-crypto-map)# set security-association lifetime seconds 900 R1(config)# interface S0/0/0 R1(config-if)# crypto map CMAP R3(config)# interface S0/0/1 R3(config-if)# crypto map CMAP Verify R1# show crypto isakmp policy R1# show crypto ipsec transform-set R1# show crypto map R1# show crypto isakmp sa R1# show crypto ipsec sa