Summary of configuration commands

Last Updated: May 09, 2023

The commands required to configure a VPN are listed below. For a step-by-step description of the VPN procedures, see Site-to-site IPSec VPN.

Note:

You must configure VPN in the order shown in the summary. Commands appearing in bold are mandatory.

  • ISAKMP policy – crypto isakmp policy

    • description

    • authentication pre-share

    • encryption

    • hash

    • group

    • lifetime

  • IPSEC transform-set – crypto ipsec transform-set

    • set pfs

    • set security-association lifetime seconds

    • set security-association lifetime kilobytes

    • mode (tunnel/transport)

  • ISAKMP peer – crypto isakmp peer

    • description

    • isakmp-policy

    • pre-shared-key

    • initiate mode

    • self-identity

    • keepalive

    • keepalive-track

    • continuous-channel

  • (Optional) ISAKMP peer group – crypto isakmp peer-group

    • description

    • set peer

  • Crypto map – crypto map

    • description

    • set transform-set

    • set peer or set peer-group

    • set dscp

    • continuous-channel

  • IP crypto list – ip crypto-list

    • local-address

    • ip-rule

      • description

      • source-ip

      • destination-ip

      • protect crypto map

      • ip-protocol

      • tcp

      • udp

      • icmp

      • dscp

      • fragment

  • Access control list – ip access-control-list

  • Global parameters

    • crypto isakmp invalid-spi-recovery

    • crypto ipsec nat-transparency udp-encapsulation

    • crypto isakmp nat keepalive

  • Assigning a crypto-list to an interface

    • crypto ipsec df-bit

    • crypto ipsec minimal-pmtu

    • ip crypto-group