Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: Site to Site VPN

Site to Site VPN 13 years 1 month ago #12063

Hi All,

I am really upping my number of posts today! hehe

AT any rate, another question. I was given a drawing of the network, and between my HQ site and my remote sites, there is a cloud that says "MPLS VPN". so obviously, i, its an MPLS VPN! lol well i ask around, and others think we are not using site to site vpn. when i look at the configs on the routers i see many commands starting with "crypto". my thoughts are they are actually using site to site, but just dont know it. is there a way for me to be sure?!

sorry for the newbiness....its my first network reorg.

"Go away or I will replace you with a very small shell script"

Re: Site to Site VPN 13 years 1 month ago #12068

  • jwj
  • jwj's Avatar
  • Offline
  • Senior Member
  • Senior Member
  • Posts: 350
  • Thank you received: 0
In your routers' configurations, look for a portion with "crypto map". A sub-configuration for it will be "set peer ip address".

crypto map vpndescription 10 ipsec-isakmp
set peer
set transform-set transformdescription

Now, the peer address is going to be the IP address of the distant end VPN point. So it should be an IP address of an interface on one of your routers somewhere. I would suggest copying and pasting all of your crypto maps and router interfaces from all your routers, and start matching the crypto maps to the interfaces (and router) it goes to.

Re: Site to Site VPN 13 years 1 month ago #12070

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 1447
  • Karma: 8
  • Thank you received: 13
I concur with jwj's configuration.

Configurations similar to the above will show your dealing with a site-to-site VPN.

In some cases, there is also a '' match address x" after the 'set transform-set' command, where 'x' is the access-list number to which the defined traffic is allowed to pass through.
Chris Partsenidis.
Founder & Editor-in-Chief

Re: Site to Site VPN 13 years 1 month ago #12073

Thanks guys....i did take down the "set peer" address, and i asked others in the group if they knew the address. i figured it was indeed the end point of the vpn, but i did not have the address in my list. i guess i will have to do more digging! thanks a lot for the replies.
"Go away or I will replace you with a very small shell script"
  • Page:
  • 1
Time to create page: 0.159 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup