Site to Site VPN - How and What

Started by certforumz, November 28, 2017, 12:17:56 AM

certforumz

We are working on implementing site-to-site VPN on Cisco routers, and going through the requirements.
1. Create Crypto ACL: You need to create an extended ACL with source and destination addresses. (Unless applied with the crypto map command, it is just an extended ACL.)
2. Apply the extended ACL using the crypto map command. Now the interesting traffic is known to the router, and the traffic meant for the destination IP will be routed through the IP tunnel.

Of course, you need to apply the same ACL on either side of the tunnel (except that the source and destination are interchanged) for the tunnel to work properly.

Another important thing is to ensure that you have configured the same IPsec parameters on either side of the tunnel interfaces.

https://learningnetwork.cisco.com/thread/25924
https://supportforums.cisco.com/t5/vpn/ipsec-tunnel-interesting-traffic/td-p/1454715
https://www.reddit.com/r/networking/comments/1q7f5b/does_a_site_to_site_vpn_tunnel_inherently_knows/
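
The mirrored-ACL requirement described in the post can be checked offline before a change window. The following is an added example, not part of the original post: a small Python check that reads two router configs, keeps only the ACLs actually bound with `match address` under a crypto map, and reports entries with no source/destination-swapped twin on the peer. The sample configs, addresses, ACL numbers and the `VPNMAP` name are constructed, and the parser assumes numbered `access-list ... permit ip` entries only.

```python
import re

# Constructed sample configs: addresses, ACL numbers and map names are made up.
SITE_A = """
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 110 permit ip 10.1.3.0 0.0.0.255 10.2.2.0 0.0.0.255
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 match address 110
"""
SITE_B = """
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map VPNMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 match address 120
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+(.+)$")

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def crypto_selectors(config):
    """(src, dst) pairs of every ACL bound with 'match address' in a crypto map."""
    acls, bound, in_map = {}, set(), False
    for line in config.splitlines():
        m = ACE.match(line)
        if m:
            src, rest = take_addr(m.group(2).split())
            dst, _ = take_addr(rest)
            acls.setdefault(m.group(1), set()).add((src, dst))
        elif line.startswith("crypto map "):
            in_map = True
        elif in_map and line.strip().startswith("match address "):
            bound.add(line.split()[-1])
        elif line and not line.startswith(" "):
            in_map = False
    return set().union(*(acls.get(name, set()) for name in bound))

def mirror_mismatches(config_a, config_b):
    """Entries on each side that have no source/destination-swapped twin on the other."""
    a, b = crypto_selectors(config_a), crypto_selectors(config_b)
    only_a = sorted(p for p in a if (p[1], p[0]) not in b)
    only_b = sorted(p for p in b if (p[1], p[0]) not in a)
    return only_a, only_b
```

With the sample configs, `mirror_mismatches(SITE_A, SITE_B)` flags the 10.1.3.0/24 entry on site A, which site B does not mirror.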