Configure Site-to-Site VPN with Cisco IOS
Configure IPsec VPN Settings on R1 and R3
Verify connectivity from the R1 LAN to the R3 LAN
Enable IKE policies on R1 and R3
R1(config)# crypto isakmp enable
R3(config)# crypto isakmp enable
Configure the IKE Phase 1 ISAKMP policy on R1 and R3
R1(config)# crypto isakmp policy 10
R1(config-isakmp)# hash sha
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 14
R1(config-isakmp)# lifetime 3600
R1(config-isakmp)# encryption aes 256
R1(config-isakmp)# end
R3(config)# crypto isakmp policy 10
R3(config-isakmp)# hash sha
R3(config-isakmp)# authentication pre-share
R3(config-isakmp)# group 14
R3(config-isakmp)# lifetime 3600
R3(config-isakmp)# encryption aes 256
R3(config-isakmp)# end
Configure pre-shared keys.
R1(config)# crypto isakmp key cisco123 address 10.2.2.1
R3(config)# crypto isakmp key cisco123 address 10.1.1.1
Configure the IPsec transform set and lifetime.
R1(config)# crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
R3(config)# crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
R1(config)# crypto ipsec security-association lifetime seconds 1800
R3(config)# crypto ipsec security-association lifetime seconds 1800
Define interesting traffic
R1(config)# access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
R3(config)# access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
Create and apply a crypto map.
R1(config)# crypto map CMAP 10 ipsec-isakmp
R1(config-crypto-map)# match address 101
R1(config-crypto-map)# set peer 10.2.2.1
R1(config-crypto-map)# set pfs group14
R1(config-crypto-map)# set transform-set 50
R1(config-crypto-map)# set security-association lifetime seconds 900
R3(config)# crypto map CMAP 10 ipsec-isakmp
R3(config-crypto-map)# match address 101
R3(config-crypto-map)# set peer 10.1.1.1
R3(config-crypto-map)# set pfs group14
R3(config-crypto-map)# set transform-set 50
R3(config-crypto-map)# set security-association lifetime seconds 900
R1(config)# interface S0/0/0
R1(config-if)# crypto map CMAP
R3(config)# interface S0/0/1
R3(config-if)# crypto map CMAP
Verify
R1# show crypto isakmp policy
R1# show crypto ipsec transform-set
R1# show crypto map
R1# show crypto isakmp sa
R1# show crypto ipsec sa
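Added example (not part of the original lab): a Python check that the R1 and R3 commands above agree where the two peers must match (IKE proposal, pre-shared key, peer addresses, transform set, PFS group) and that ACL 101 is mirrored. It reads the commands as typed on this page rather than show running-config output. The function names and the faulty R3_BAD sample are constructed for illustration, and the WAN addresses 10.1.1.1 (R1) and 10.2.2.1 (R3) are taken from the peer statements.

```python
import re

def grab(pat, cfg):
    """First match's capture groups, or Nones when the line is absent."""
    m = re.search(pat, cfg, re.M)
    return m.groups() if m else (None, None)

def parse(cfg):
    """Pull out the settings both IPsec peers must agree on (lifetimes not compared)."""
    return {
        "ike": dict(re.findall(r"^ (hash|authentication|group|encryption) (.+)$", cfg, re.M)),
        "key": grab(r"^crypto isakmp key (\S+) address (\S+)", cfg),
        "transforms": grab(r"^crypto ipsec transform-set \S+ (.+)$", cfg)[0],
        "acl": grab(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)", cfg),
        "peer": grab(r"^ set peer (\S+)", cfg)[0],
        "pfs": grab(r"^ set pfs (\S+)", cfg)[0],
    }

def mismatches(a_cfg, a_ip, b_cfg, b_ip):
    """List the settings on which the two tunnel ends disagree."""
    a, b = parse(a_cfg), parse(b_cfg)
    bad = [k for k in ("ike", "transforms", "pfs") if a[k] != b[k]]
    if a["key"][0] != b["key"][0]:
        bad.append("pre-shared key")
    # Each side's key address and crypto-map peer must be the other side's WAN address.
    if {a["key"][1], a["peer"]} != {b_ip} or {b["key"][1], b["peer"]} != {a_ip}:
        bad.append("peer address")
    # The crypto ACLs must be exact mirror images (source and destination swapped).
    if a["acl"] != b["acl"][::-1]:
        bad.append("acl not mirrored")
    return bad

# Constructed sample: the R1 commands from this page that the check reads, prompts stripped.
R1 = """crypto isakmp policy 10
 hash sha
 authentication pre-share
 group 14
 encryption aes 256
crypto isakmp key cisco123 address 10.2.2.1
crypto ipsec transform-set 50 esp-aes 256 esp-sha-hmac
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
crypto map CMAP 10 ipsec-isakmp
 set peer 10.2.2.1
 set pfs group14
"""
# R3 as on this page: peer address and ACL direction swapped.
R3 = R1.replace("10.2.2.1", "10.1.1.1").replace(
    "192.168.1.0 0.0.0.255 192.168.3.0", "192.168.3.0 0.0.0.255 192.168.1.0")
# Constructed faulty R3: ACL copied from R1 unchanged, different PFS group.
R3_BAD = R1.replace("10.2.2.1", "10.1.1.1").replace("pfs group14", "pfs group5")
```

mismatches(R1, "10.1.1.1", R3, "10.2.2.1") returns an empty list for the configuration on this page; with R3_BAD in place of R3 it reports the PFS group and the unmirrored ACL.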