How to Configure IPsec to Cisco IOS Using Pre-shared Key Authentication


This guide covers configuration of IPsec between Peplink and Cisco IOS devices using pre-shared key authentication. The example configuration assumes the following settings:

IPsec VPN Settings

Peplink WAN1 IP Address:
Peplink WAN2 IP Address:
Peplink LAN Network:
Cisco WAN IP Address:
Cisco LAN Network:
Pre Shared Key: abc8009008
IPsec Phase 1 Authentication: SHA-1
IPsec Phase 1 Encryption: AES-128
IPsec Phase 1 DH Group: 2
IPsec Phase 2 Authentication: SHA-1
IPsec Phase 2 Encryption: AES-128
IPsec Phase 2 PFS Group: 2

Configuring Cisco IOS

The following example configuration is based on Cisco IOS 12.4 and implements the example settings above:

!--- Configure an ISAKMP policy
!--- Phase 1 Negotiations

crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2

!--- Specify the preshared key “abc8009008” for Peplink’s WAN1 and WAN2

crypto isakmp key abc8009008 address
crypto isakmp key abc8009008 address

!--- Configure IPsec policies and specify the transform sets
!--- Phase 2 negotiations

crypto ipsec transform-set aes256 esp-aes 256 esp-sha-hmac

!--- Create crypto map for IKE establishment
!--- Set peers to remote Peplink WAN IPs
!--- Specify IPsec to use the transform-set “aes256” configured above
!--- Match address specifies the traffic to be encrypted
crypto map cisco 10 ipsec-isakmp
set peer
set peer
set transform-set aes256
match address 100

!--- External WAN Interface
interface FastEthernet0/0
ip address
duplex auto
speed auto
crypto map cisco
!--- Internal LAN Interface
interface FastEthernet0/1
ip address
duplex auto
speed auto

ip route

!--- Define access list for IPsec traffic from subnet to
access-list 100 permit ip
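
Both peers must propose the same Phase 1 and Phase 2 parameters for the tunnel to establish, so it is worth checking the Cisco configuration against the settings list before bringing the tunnel up. The Python check below is an added example, not part of the original guide or of any Peplink or Cisco tool; the dictionary keys, function names and embedded sample text are this example's own, and it assumes the IOS defaults noted in its comments.

```python
import re

# Constructed sample: Phase 1/Phase 2 lines shaped like the IOS configuration above.
SAMPLE_IOS = """\
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto ipsec transform-set aes256 esp-aes 256 esp-sha-hmac
crypto map cisco 10 ipsec-isakmp
set transform-set aes256
"""
# The guide's settings list, normalized (key names are this example's own).
EXPECTED = {"p1_enc": "aes-128", "p1_hash": "sha1", "p1_dh": "2",
            "p2_enc": "aes-128", "p2_hash": "sha1", "p2_pfs": "2"}

def _enc(name, bits):
    # IOS treats a bare "aes" / "esp-aes" as a 128-bit key.
    return "aes-" + (bits or "128") if name == "aes" else name

def parse_ios(cfg):
    # IOS 12.4 ISAKMP defaults (DES, SHA-1, DH group 1) are not printed in the config.
    got = {"p1_enc": "des", "p1_hash": "sha1", "p1_dh": "1",
           "p2_enc": None, "p2_hash": None, "p2_pfs": None}
    section = None
    for raw in cfg.splitlines():
        line = raw.strip().lower()
        top = re.match(r"crypto (isakmp policy|map|\S+)", line)
        section = top.group(1) if top else section  # a new crypto command ends the old section
        ts = re.match(r"crypto ipsec transform-set \S+ (.+)", line)
        if ts:
            enc = re.search(r"esp-(aes|3des|des)(?: (\d+))?", ts.group(1))
            if enc:
                got["p2_enc"] = _enc(*enc.groups())
            if "esp-sha-hmac" in ts.group(1):
                got["p2_hash"] = "sha1"
        m = re.match(r"encr(?:yption)? (\w+)(?: (\d+))?$", line)
        if m and section == "isakmp policy":
            got["p1_enc"] = _enc(*m.groups())
        m = re.match(r"group (\d+)$", line)
        if m and section == "isakmp policy":
            got["p1_dh"] = m.group(1)
        m = re.match(r"set pfs group(\d+)$", line)
        if m and section == "map":
            got["p2_pfs"] = m.group(1)
    return got

def mismatches(expected, cfg):  # parameter -> (expected, configured)
    got = parse_ios(cfg)
    return {k: (v, got[k]) for k, v in expected.items() if got[k] != v}
```

Calling `mismatches(EXPECTED, SAMPLE_IOS)` returns the parameters on which the two sides disagree; an empty dictionary means the proposals line up.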

Peplink Configuration
