• Home
  • Articles
  • Routers
  • Cisco
  • Configuring a Pre-Shared Site to Site VPN between 2 Cisco Routers

Configuring a Pre-Shared Site to Site VPN between 2 Cisco Routers

Below shows the configuration for one side of a Site to Site VPN between 2 Cisco routers using pre-shared keys.

router(config)# crypto isakmp enable

Phase 1

router(config)# crypto isakmp policy 10
router(config-isakmp)# authenticaton pre-share
router(config-isakmp)# encryption [?]
router(config-isakmp)# group [?]
router(config-isakmp)# hash [?]
router(config-isakmp)# lifetime 86400

router(config)# crypto isakmp identity address
router(config)# cryption isakmp [key] address [peer ip]

Phase 2

router(config)# crypto ipsec transform-set [name] [?]
router(config)# crypto ipsec lifetime [seconds/kilobytes] [value]

router(config)# ip access-list extended S2S-VPN-TRAFFIC
router(config-ext-nacl)# permit ip [local network] [mask] [remote network] [mask]

router(config)# crypto map S2S-VPN-MAP 100 ipsec-isakmp
router(config-crypto-map)# match address S2S-VPN-TRAFFIC
router(config-crypto-map)# set peer [peer ip]
router(config-crypto-map)# set transform-set [set]

router(config)# int [int name]
router(config-if)# crypto map S2S-VPN-MAP 100

Tags: VPN

About the Author


R Donato

Ricky Donato is the Founder and Chief Editor of He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Ricky on Twitter @f3lix001