Configure Pre-Shared Site to Site VPN between Cisco Routers

Below shows the configuration for one side of a Site to Site VPN between 2 Cisco routers using pre-shared keys.

router(config)# crypto isakmp enable

Phase 1

router(config)# crypto isakmp policy 10
router(config-isakmp)# authenticaton pre-share
router(config-isakmp)# encryption [?]
router(config-isakmp)# group [?]
router(config-isakmp)# hash [?]
router(config-isakmp)# lifetime 86400

router(config)# crypto isakmp identity address
router(config)# cryption isakmp [key] address [peer ip]

Phase 2

router(config)# crypto ipsec transform-set [name] [?]
router(config)# crypto ipsec lifetime [seconds/kilobytes] [value]

router(config)# ip access-list extended S2S-VPN-TRAFFIC
router(config-ext-nacl)# permit ip [local network] [mask] [remote network] [mask]

router(config)# crypto map S2S-VPN-MAP 100 ipsec-isakmp
router(config-crypto-map)# match address S2S-VPN-TRAFFIC
router(config-crypto-map)# set peer [peer ip]
router(config-crypto-map)# set transform-set [set]

router(config)# int [int name]
router(config-if)# crypto map S2S-VPN-MAP 100

• Author
• Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Latest posts by Rick Donato (see all)

• NETCONF & YANG: Automate Network Configs via Python - April 2, 2026
• Palo Alto – How to Configure Your Next-Generation Firewall - April 2, 2026
• How to Harden Linux SSH: Keys, Fail2ban & Ciphers - March 1, 2026

Want to become a networking expert ?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
Delta Practice Tests