Can anybody share a working configuration for this? Ideally, Cisco IOS code snippet, XG Profile and IPsec VPN configuration.
Can't find anything on the internet and so far spent a couple of hours, so far unsuccessfully. I've set up plenty of Cisco to Cisco tunnels and I'm sure I can get this working eventually but I'd rather not reinvent the wheel.
Answering my own request as it may help someone else.
This assumes some experience with setting up IPsec tunnels on Cisco equipment. There are plenty of online guides if you need more help with this. It was developed with an older Cisco router (IOS 15) so the encryption is comparatively weak because of limitations in that release. It does however mean that it should work with any Cisco router. Once you have it up and running on a newer router you can modify it for stronger encryption as required.
The tunnel is applied to the Cisco via a crypto map on the WAN interface. We prefer to do Cisco tunnels as a dedicated Tunnel interface but I couldn't get that to work (if anybody can help with this, please chime in).
I haven't included it because it is site specific but after establishing the tunnel, you will need to remember to make sure you exclude the tunnel traffic from NAT (if applicable) and adjust MTU/MSS on the WAN interface to successfully pass traffic.
IPs used in this example:
Cisco LAN 192.168.1.1
Cisco WAN 172.16.96.97
XG LAN 172.16.16.16
XG WAN 172.16.96.96
Cisco code snippet:
crypto isakmp policy 10
 group 14
crypto isakmp key q8M948cbfTCiAgLN address 172.16.96.96 no-xauth
!
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set sophos esp-3des esp-sha-hmac
!
crypto map XGVPNmap 10 ipsec-isakmp
 description Tunnel to XG
 set peer 172.16.96.96
 set transform-set sophos
 set pfs group14
 match address VPNTraffic
!
! under the LAN interface:
 ip address 192.168.1.1 255.255.255.0
!
! under the WAN interface (the crypto map is applied here):
 ip address 172.16.96.97 255.255.255.0
 crypto map XGVPNmap
!
ip access-list extended VPNTraffic
 permit ip 192.168.1.0 0.0.0.255 172.16.16.0 0.0.0.255
XG IPsec Policy:
XG IPsec VPN Settings:
LAN and WAN definitions:
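As an added example (not from the original post), a Python check that parses the Cisco snippet above and flags the usual reasons a crypto-map tunnel fails to come up or protects the wrong traffic: peer address differing between the ISAKMP key and the crypto map, a transform-set or crypto ACL referenced but not defined, ACL entries that fall outside the LAN definitions, and the weak 3DES transform the post mentions. The embedded config is a constructed copy of the post's snippet with the pre-shared key replaced by a placeholder.

```python
import ipaddress
import re

# Constructed copy of the post's Cisco snippet; PSK replaced with a placeholder.
CISCO_CONFIG = """
crypto isakmp policy 10
 group 14
crypto isakmp key EXAMPLE-PSK address 172.16.96.96 no-xauth
crypto ipsec transform-set sophos esp-3des esp-sha-hmac
crypto map XGVPNmap 10 ipsec-isakmp
 set peer 172.16.96.96
 set transform-set sophos
 set pfs group14
 match address VPNTraffic
ip access-list extended VPNTraffic
 permit ip 192.168.1.0 0.0.0.255 172.16.16.0 0.0.0.255
"""

# ESP transforms that should be replaced once a newer IOS release allows it.
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}

def wildcard_to_network(addr, wildcard):
    """Cisco wildcard masks are inverted netmasks: 0.0.0.255 -> /24."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)

def check_crypto_map(config, local_lan, remote_lan):
    """Return a list of findings; an empty list means the snippet is internally consistent."""
    findings = []
    key_peers = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    map_peers = set(re.findall(r"^\s*set peer (\S+)", config, re.M))
    if key_peers != map_peers:  # IKE key and crypto map must name the same peer
        findings.append(f"isakmp key peers {sorted(key_peers)} != crypto map peers {sorted(map_peers)}")
    transforms = dict(re.findall(r"^crypto ipsec transform-set (\S+) (.*)$", config, re.M))
    for used in re.findall(r"^\s*set transform-set (\S+)", config, re.M):
        if used not in transforms:
            findings.append(f"transform-set {used} referenced but not defined")
        elif WEAK_TRANSFORMS.intersection(transforms[used].split()):
            weak = sorted(WEAK_TRANSFORMS.intersection(transforms[used].split()))
            findings.append(f"transform-set {used} uses weak algorithms: {weak}")
    acl_names = set(re.findall(r"^ip access-list extended (\S+)", config, re.M))
    for acl in re.findall(r"^\s*match address (\S+)", config, re.M):
        if acl not in acl_names:
            findings.append(f"crypto ACL {acl} referenced but not defined")
    local, remote = ipaddress.IPv4Network(local_lan), ipaddress.IPv4Network(remote_lan)
    for src, swc, dst, dwc in re.findall(r"^\s*permit ip (\S+) (\S+) (\S+) (\S+)", config, re.M):
        if not (wildcard_to_network(src, swc).subnet_of(local)
                and wildcard_to_network(dst, dwc).subnet_of(remote)):
            findings.append(f"ACL entry {src}->{dst} is outside LAN definitions {local}->{remote}")
    return findings
```

Run `check_crypto_map(CISCO_CONFIG, "192.168.1.0/24", "172.16.16.0/24")` against a candidate snippet before pushing it to the router; the only finding on the post's config is the 3DES warning.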