How to Configure IPsec to Cisco IOS Using Pre-shared Key Authentication

This guide covers configuration of IPsec between Peplink and Cisco IOS devices using pre-shared key authentication. The example configuration assumes the following settings:

IPsec VPN Settings

Peplink WAN1 IP Address:
Peplink WAN2 IP Address:
Peplink LAN Network:
Cisco WAN IP Address:
Cisco LAN Network:
Pre-shared Key: abc8009008
IPsec Phase 1 Authentication: SHA-1
IPsec Phase 1 Encryption: AES-128
IPsec Phase 1 DH Group: 2
IPsec Phase 2 Authentication: SHA-1
IPsec Phase 2 Encryption: AES-128
IPsec Phase 2 PFS Group: 2

Configuring Cisco IOS

The following example configuration is based on Cisco IOS 12.4 and implements the example settings above:

!--- Configure an ISAKMP policy
!--- Phase 1 negotiations

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2

!--- Specify the pre-shared key "abc8009008" for Peplink's WAN1 and WAN2

crypto isakmp key abc8009008 address
crypto isakmp key abc8009008 address

!--- Configure IPsec policies and specify the transform sets
!--- Phase 2 negotiations

crypto ipsec transform-set aes256 esp-aes 256 esp-sha-hmac

!--- Create crypto map for IKE establishment
!--- Set peers to remote Peplink WAN IPs
!--- Specify IPsec to use the transform-set "aes256" configured above
!--- Match address specifies the traffic to be encrypted
crypto map cisco 10 ipsec-isakmp
set peer
set peer
set transform-set aes256
match address 100

!--- External WAN Interface
interface FastEthernet0/0
ip address
duplex auto
speed auto
crypto map cisco
!--- Internal LAN Interface
interface FastEthernet0/1
ip address
duplex auto
speed auto

ip route

!--- Define access list for IPsec traffic from subnet to
access-list 100 permit ip
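
Both peers must agree on every Phase 1 and Phase 2 parameter, so it helps to compare a Cisco configuration against the agreed settings before applying it. The Python below is an added example, not part of the original guide or of Peplink's or Cisco's tooling; it assumes a single ISAKMP policy and a single transform set, and the setting names in `EXPECTED` are made up for the example. Run on the crypto lines of the configuration above, it reports the AES key size in both phases and the absent PFS line as differences from the settings list.

```python
import re

# Values from the "IPsec VPN Settings" list on this page (key names are hypothetical).
EXPECTED = {
    "p1_encryption": "aes-128", "p1_hash": "sha-1", "p1_dh_group": "2",
    "p2_encryption": "aes-128", "p2_auth": "sha-1", "p2_pfs_group": "2",
}

# Crypto lines from the page's Cisco configuration, transform-set line in valid IOS syntax.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto ipsec transform-set aes256 esp-aes 256 esp-sha-hmac
crypto map cisco 10 ipsec-isakmp
 set transform-set aes256
 match address 100
"""

def parse_ios_crypto(config):
    """Extract Phase 1/2 parameters (single policy and transform set assumed)."""
    # IOS defaults when the policy omits the line: hash sha (SHA-1), DH group 1.
    found = {"p1_encryption": None, "p1_hash": "sha-1", "p1_dh_group": "1",
             "p2_encryption": None, "p2_auth": None, "p2_pfs_group": None}
    for raw in config.splitlines():
        line = raw.strip().lower()
        if m := re.match(r"encr(?:yption)? aes(?: (\d+))?$", line):
            found["p1_encryption"] = "aes-" + (m.group(1) or "128")  # bare aes = 128
        elif m := re.match(r"hash (sha|md5)$", line):
            found["p1_hash"] = "sha-1" if m.group(1) == "sha" else "md5"
        elif m := re.match(r"group (\d+)$", line):
            found["p1_dh_group"] = m.group(1)
        elif m := re.match(r"crypto ipsec transform-set \S+ (.+)$", line):
            if e := re.search(r"esp-aes(?: (\d+))?", m.group(1)):
                found["p2_encryption"] = "aes-" + (e.group(1) or "128")
            if "esp-sha-hmac" in m.group(1):
                found["p2_auth"] = "sha-1"
        elif m := re.match(r"set pfs group(\d+)$", line):
            found["p2_pfs_group"] = m.group(1)
    return found

def mismatches(config, expected=EXPECTED):
    """Return {setting: (expected, configured)} for each value that differs."""
    found = parse_ios_crypto(config)
    return {k: (want, found[k]) for k, want in expected.items() if found[k] != want}

if __name__ == "__main__":
    print(mismatches(SAMPLE_CONFIG))
```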

Peplink Configuration