Site-to-site IPSec VPN

Last Updated : Nov 06, 2012 |

This section describes the concepts and procedures for VPN configuration.

To configure a site-to-site IPSec VPN, two devices (the Branch Gateway and a peer Gateway) must be configured symmetrically.

In some cases, you may wish to configure global VPN parameters (see Configuring global parameters).

Note:

In the following sections, all IPSec VPN parameters that you must configure are indicated as mandatory parameters. Non-mandatory VPN parameters have default values that are used unless otherwise set. Thus for example, although it is mandatory to define at least one ISAKMP policy, it is not mandatory to set the values for that ISAKMP policy since the Branch Gateway contains default ISAKMP policy settings.

Related information
IPSec VPN
VPN peer coordination
Configuring ISAKMP policies
Configuring transform-sets
Configuring ISAKMP peer information
Configuring an ISAKMP peer-group
Configuring crypto maps
Configuring crypto lists
Access control lists
Configuring global parameters
Assigning a crypto list to an interface