Cisco: Creating Site-to-Site VPN Links
I have found there is a lack of straightforward guides on how to set up Cisco devices for simple setups.
In this guide I want to show you how to create a very simple Site-to-Site VPN link using what Cisco calls Static Virtual Tunnel Interfaces, or SVTIs for short.
First we will start by creating an ISAKMP policy. These policies need to be identical on both sites, otherwise Phase 1 negotiation will fail. The policy number represents the order in which the policies are tried during negotiation; remember, however, that if negotiations take too long they may fail.
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 20000
Because we told it to use a pre-shared key for authentication, we will now set the key for the other site's router:
crypto isakmp key keygoeshere address xxx.xxx.xxx.xxx
Now we need to set the transform set; this basically sets the encryption method to use for the tunnel link.
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
One last piece of configuration before we get onto the actual tunnel interface, so bear with me here. The next bit configures an IPsec profile for use on the tunnel interface; this profile simply tells the system what transform set to use.
crypto ipsec profile Site-to-Site
 set transform-set ESP-3DES-SHA1
Onto the good stuff, I say. Because it's such a large code block, I've added my comments into the code.
interface Tunnel0
 description --- Connection to Site X ---
 !Set the IP address for the link; because it will be point-to-point, use the smallest subnet possible
 ip address yyy.yyy.yyy.yyy 255.255.255.252
 !Set the interface the connection will be made from
 tunnel source Dialer1
 !Set the destination, in this case the other site
 tunnel destination xxx.xxx.xxx.xxx
 !Set the tunnel to use IPsec rather than GRE
 tunnel mode ipsec ipv4
 tunnel path-mtu-discovery
 !Set the profile we created earlier
 tunnel protection ipsec profile Site-to-Site
Repeat the same on the other site and… CONGRATULATIONS! Your link should now be UP, UP
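A pre-deployment check for the ISAKMP policy step, added here as an example and not part of the original guide: it parses the crypto isakmp policy blocks from both sites' configurations, applies the guide's rule that a policy must be identical on both sides for Phase 1 to succeed, and lists settings it treats as legacy. The sample configs are constructed (site B is hypothetical), and the legacy list of DES, 3DES, MD5 and DH groups 1 and 2 is this example's assumption.

```python
import re

FIELDS = ("encr", "hash", "authentication", "group", "lifetime")
# Values this example treats as legacy (an assumption of the example, not a list from the guide).
LEGACY = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}

def parse_isakmp_policies(config):
    """Return {policy number: {field: value}} from 'show running-config' style text."""
    policies, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and raw[:1].isspace() and line:
            key, _, value = line.partition(" ")
            key = "encr" if key.startswith("encr") else key  # normalise the long form 'encryption'
            if key in FIELDS:
                current[key] = value.strip()
        else:
            current = None  # any non-indented line closes the policy block
    return policies

def phase1_match(config_a, config_b):
    """First (policy on A, policy on B) pair with identical parameters, else None."""
    a, b = parse_isakmp_policies(config_a), parse_isakmp_policies(config_b)
    for num_a in sorted(a):  # policies are tried in policy-number order
        for num_b in sorted(b):
            if a[num_a] == b[num_b]:
                return num_a, num_b
    return None

def legacy_settings(config):
    """List (policy number, field, value) entries that use a legacy algorithm or group."""
    return [(num, field, pol[field])
            for num, pol in sorted(parse_isakmp_policies(config).items())
            for field in FIELDS if pol.get(field) in LEGACY.get(field, ())]

# Constructed sample configs: SITE_A repeats the guide's policy, SITE_B is hypothetical.
SITE_A = """crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 20000
!
"""
SITE_B = SITE_A.replace("hash md5", "hash sha") + SITE_A.replace("policy 1", "policy 5")
if __name__ == "__main__":
    print(phase1_match(SITE_A, SITE_B), legacy_settings(SITE_A))
```

Here site B's policy 1 differs in its hash, so the only identical pair is policy 1 on site A with policy 5 on site B; a result of None means no policy is identical on both sides.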