Hi friends, after a long period me again came with a very interesting thread in which me tell you How you can make your own VPN (Virtual Private Network) between your Home Router and Office Router.

For this me use Cisco 3700 router.

Router R1 works as Home Router and R3 works as Office Router and between R1 and R3 we will use router R2 as Internet Router. You can see full diagram in below picture....







Now me going to given IP address to all router interface. For Router R1 interface f0/0 , i use IP add 172.16.12.1 /24 and for Router R2 interface f0/0 172.16.12.2 /24 and same for interface f0/1
172.16.23.2 /24 , and in last for router R3 interface f0/1 me use 172.16.23.3 /24.

And also make Loopback 1 in Router R1 and R2. For Router R1 loopback is 1.1.1.1 /24 and for R3 is 3.3.3.3 /24 .

First question here is why i am using IP add 172.16.0.0 where this is came into private IP address range, because i am using this only for example, you may take it and else as your wish.

Now for live example see below three picture for above work....















Now i am going to given static IP route for communicate the Router. You may run any interior protocol rather static route.Now see below two pic for static ip route in router R1 and R2....










Now i am going to Ping IP add of R3 by R1 , when you ping it then it successfully ping but when you ping by source Loopback then you get success rate 0.See below two pic for see Ping router R1 to R3 and R3 to R1...








So now me going to make VPN here. First know it, work of building VPN divided into two phase>> Phase 1 & 2.

Now make access-list on router R1 and run command:

Code:

R1(config)#access-list 110 permit ip host 1.1.1.1 host 3.3.3.3
R1(config)#crypto isakmp policy 10
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#group 2
R1(config-isakmp)#hash md5
R1(config-isakmp)#exit
R1(config)#crypto isakmp key 6 cisco address 172.16.23.3
R1(config)#crypto ipsec transform-set esp-3des esp-md5-hmac
exit
R1(config)#crypto map mymap 10 ipsec-isakmp
R1(config-crypto-map)#match add 110
R1(config-crypto-map)#set transform-set tset
R1(config-crypto-map)#set peer 172.16.23.3
exit
R1(config)#int f0/0
R1(config)#crypto map mymap

when you did all steps on R1 then it show you a msg like "isakmp is on"

See below two pics for R1 full configuration....










Now Run same command with some changes in router R3:

Code:

R1(config)#access-list 115 permit ip host 3.3.3.3 host 1.1.1.1
R1(config)#crypto isakmp policy 15
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#group 2
R1(config-isakmp)#hash md5
R1(config-isakmp)#exit
R1(config)#crypto isakmp key 6 cisco address 172.16.12.1
R1(config)#crypto ipsec transform-set esp-3des esp-md5-hmac
exit
R1(config)#crypto map mymap 15 ipsec-isakmp
R1(config-crypto-map)#match add 115
R1(config-crypto-map)#set transform-set tset
R1(config-crypto-map)#set peer 172.16.12.1
exit
R1(config)#int f0/1
R1(config)#crypto map mymap

See below pic for full configuration:






Now go to R1 and Ping 3.3.3.3 by source 1.1.1.1 , now it ping successfully.see below pic...







Now go to R3 and Ping 1.1.1.1 by Source 3.3.3.3 , it ping now successfullyee below pic...






Now your VPN working successfully. Both Loopback ping whose that did not ping before.

For check status run command " sh crypto isakmp sa " , see below pic, it showing you idle state.










I hope you like my new post one again, your support encourage me write new interesting post here.

(08-30-2012, 04:09 AM)Shining White Wrote: Damn hot , i wanna see this , in free time , thanks as always

(08-29-2012, 11:40 PM)Anderson Wrote: This is a good post, good job mate.

(08-30-2012, 06:53 AM)3r3bu$ Wrote: Thanks for this!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

(09-28-2012, 10:46 PM)LiveFaster Wrote: u son of a ** i love you