
Configuring Cisco 2811 router for Site-to-site VPN with MX Series Appliance using the Command Line Interface


This article outlines the process for configuring a site-to-site VPN between an MX Security Appliance and a Cisco 2800 series router using the command line interface.

The diagram below shows the connection between the 2 sites participating in the site-to-site VPN.

 

Configuration

  •  Configure the MX side as explained here
  •  Configure the Cisco 2811 router as shown below


 

Configure ISAKMP Policy

   crypto isakmp policy 10
    encr 3des
    authentication pre-share
    hash sha
    lifetime 28800
    group 2

 

Configure IPsec Transform Set

  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

 

Specify the interesting traffic to be encrypted

   ip access-list extended outgoing_to_MX
    permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255

  

Specify the pre-shared key "secretkey", which must be identical on both peers

  crypto isakmp key secretkey address 1.1.1.1


Configure the IPsec-ISAKMP crypto map

  crypto map 2800-isakmp 1 ipsec-isakmp
   set peer 1.1.1.1
   set transform-set ESP-3DES-SHA
   match address outgoing_to_MX

 

Apply the crypto map to the interface

  interface FastEthernet0/1
   ip address 2.2.2.2 255.255.255.248
   ip nat outside
   duplex auto
   speed auto
   crypto map 2800-isakmp
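The steps above only work if every name the crypto map refers to (peer, transform set, access list) is defined elsewhere in the configuration and the map is applied to an interface. The following check is an added example, not part of the original article or any Cisco tool: it audits those cross-references and also flags legacy algorithm choices. It assumes `show running-config` style indentation, and the `audit` function and its rule set are hypothetical.

```python
import re

# Constructed input: the router configuration from this article as one string.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 hash sha
 lifetime 28800
 group 2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
ip access-list extended outgoing_to_MX
 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
crypto isakmp key secretkey address 1.1.1.1
crypto map 2800-isakmp 1 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set ESP-3DES-SHA
 match address outgoing_to_MX
interface FastEthernet0/1
 crypto map 2800-isakmp
"""

# (indented reference, top-level definition it must resolve to, label)
XREFS = [
    (r"\s+set peer (\S+)", r"crypto isakmp key \S+ address (\S+)", "pre-shared key for peer"),
    (r"\s+set transform-set (\S+)", r"crypto ipsec transform-set (\S+) .+", "transform set"),
    (r"\s+match address (\S+)", r"ip access-list extended (\S+)", "access list"),
    (r"\s+crypto map (\S+)", r"crypto map (\S+) \d+ ipsec-isakmp", "crypto map"),
]
# Legacy algorithm choices worth raising in a review (hypothetical rule set).
LEGACY = [(r"\s+encr 3des", "ISAKMP encryption 3DES"), (r"\s+group [125]", "DH group below 2048 bits"),
          (r"crypto ipsec transform-set \S+ .*esp-3des.*", "ESP encryption 3DES")]

def audit(config):
    """Return findings: dangling cross-references first, then legacy crypto."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    def grab(pattern):
        return [m.group(1) for l in lines if (m := re.fullmatch(pattern, l))]
    findings = []
    for ref, definition, label in XREFS:
        defined = set(grab(definition))
        findings += [f"undefined {label}: {name}" for name in grab(ref) if name not in defined]
    if not grab(XREFS[3][0]):
        findings.append("crypto map is not applied to any interface")
    for pattern, label in LEGACY:
        if any(re.fullmatch(pattern, l) for l in lines):
            findings.append(f"legacy: {label}")
    return findings
```

Any stronger algorithm chosen in response to a legacy finding has to be configured identically on the MX peer, or the tunnel will not negotiate.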

 

Once the MX and the Cisco 2811 router are successfully configured, the networks configured for VPN access will be able to access each other's resources. To bring up the VPN tunnel, at least one packet must traverse the VPN; initiating a ping across the tunnel accomplishes this.

 

Troubleshooting 3rd party VPN on MX can be found here


   
Last modified
19:19, 9 Feb 2016
