IPsec IKE Tunnel to Cisco IOS Router

Can anybody share a working configuration for this? Ideally, Cisco IOS code snippet, XG Profile and IPsec VPN configuration.

Can't find anything on the internet and so far spent a couple of hours, so far unsuccessfully. I've set up plenty of Cisco to Cisco tunnels and I'm sure I can get this working eventually but I'd rather not reinvent the wheel.

  • Answering my own request as it may help someone else.

    This assumes some experience with setting up IPsec tunnels on Cisco equipment. There are plenty of online guides if you need more help with this. It was developed with an older Cisco router (IOS 15) so the encryption is comparatively weak because of limitations in that release. It does, however, mean that it should work with any Cisco router. Once you have it up and running on a newer router you can modify it for stronger encryption as required.

    The tunnel is applied to the Cisco via a crypto map on the WAN interface. We prefer to do Cisco tunnels as a dedicated Tunnel interface but I couldn't get that to work (if anybody can help with this, please chime in).

    I haven't included it because it is site specific but after establishing the tunnel, you will need to remember to make sure you exclude the tunnel traffic from NAT (if applicable) and adjust MTU/MSS on the WAN interface to successfully pass traffic.

    IPs used in this example:
    Cisco LAN
    Cisco WAN
    XG LAN 172.16.16.16
    XG WAN

    Cisco code snippet:

    crypto isakmp policy 10
     encr 3des
     hash sha256
     authentication pre-share
     group 14
    crypto isakmp key q8M948cbfTCiAgLN address no-xauth
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec transform-set sophos esp-3des esp-sha-hmac 
    crypto map XGVPNmap 10 ipsec-isakmp 
     description Tunnel to XG
     set peer
     set transform-set sophos 
     set pfs group14
     match address VPNTraffic
    interface FastEthernet0/0
     description LAN
     ip address
    interface FastEthernet0/1
     description WAN
     ip address
     crypto map XGVPNmap
    ip access-list extended VPNTraffic
     permit ip

    XG IPsec Policy:

    XG IPsec VPN Settings:

    LAN and WAN definitions:
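
Added example (not part of the original post, and not Cisco or Sophos tooling): a small Python check that reads an IOS crypto-map configuration like the one in the answer and lists the settings to revisit when moving to stronger encryption. The weak-algorithm sets, the minimum DH group, the peer address 203.0.113.2 and the key `EXAMPLE-PSK` are assumptions made for this example.

```python
import re

# Assumed audit policy for this added example (not taken from the post).
WEAK_IKE_ENCR = {"des", "3des"}
WEAK_IKE_HASH = {"md5", "sha"}  # "sha" in an IOS policy means SHA-1
WEAK_ESP = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "esp-sha-hmac"}
MIN_DH_GROUP = 14

# Constructed sample: the post's snippet with a placeholder peer address and key.
SAMPLE = """\
crypto isakmp policy 10
 encr 3des
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key EXAMPLE-PSK address 203.0.113.2 no-xauth
crypto ipsec transform-set sophos esp-3des esp-sha-hmac
crypto map XGVPNmap 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set sophos
 set pfs group14
"""

def audit_ios_crypto(config):
    """Return (line_no, finding) tuples for weak IKEv1/IPsec settings."""
    findings, block = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        sub = raw[0].isspace()  # indented lines are sub-commands of a block
        if not sub:
            block = " ".join(words[:3])
        if sub and block == "crypto isakmp policy" and len(words) > 1:
            if words[0].startswith("encr") and words[1] in WEAK_IKE_ENCR:
                findings.append((no, f"weak IKE cipher {words[1]}"))
            elif words[0] == "hash" and words[1] in WEAK_IKE_HASH:
                findings.append((no, f"weak IKE hash {words[1]}"))
            elif words[0] == "group" and int(words[1]) < MIN_DH_GROUP:
                findings.append((no, f"weak IKE DH group {words[1]}"))
        elif block == "crypto ipsec transform-set":
            findings += [(no, f"weak ESP transform {t}") for t in words[4:] if t in WEAK_ESP]
        elif block == "crypto isakmp key" and len(words) > 3 and words[3] != "6":
            findings.append((no, "pre-shared key stored unencrypted"))
        elif words[:2] == ["set", "pfs"] and len(words) > 2:
            m = re.fullmatch(r"group(\d+)", words[2])
            if m and int(m.group(1)) < MIN_DH_GROUP:
                findings.append((no, f"weak PFS group {m.group(1)}"))
    return findings
```

Calling `audit_ios_crypto(SAMPLE)` reports the 3DES IKE cipher, the unencrypted key line and both transforms in the `sophos` transform set; whatever replaces them on the Cisco side has to match the XG IPsec policy.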