Cisco IOS: VPN configuration example
This page provides more detailed information for configuring a Skytap VPN for use with a Cisco IOS endpoint on an external network. It contains the VPN configuration parameters to enter on the Skytap VPN page, as well as a sample configuration file for the Cisco IOS device.
For general information, see Creating a VPN connection to your Skytap account.
Skytap VPN configuration
Parameters to enter on the Skytap VPN page:
Value to enter
Name for the Skytap VPN
Remote Peer IP
[CUSTOMER VPN ENDPOINT] value from the sample configuration file below
N/A. This is automatically populated when you select a public IP address for the Skytap peer IP field (see below).
Skytap peer IP
An available public IP address in your Skytap account. Select a public IP in the same region as the VMs you want to connect to.
Enter this as the [SKYTAP VPN ENDPOINT] value in the sample configuration file below.
[SKYTAP VM IP RANGE] value from the sample configuration file below.
This is the range of VM IP addresses in Skytap that send and receive traffic through this VPN. This can’t overlap with the included remote subnets defined below.
Apply NAT for Connected Networks
Phase 1 Encryption Algorithm
Phase 1 Hash Algorithm
Phase 1 pre-shared Key
[SHARED SECRET KEY] value from the sample configuration file below
Phase 1 SA lifetime
Phase 1 DH group
Phase 2 encryption algorithm
Phase 2 authentication algorithm
Phase 2 perfect forward secrecy (PFS)
Phase 2 PFS group
Phase 2 SA lifetime
SA policy level
Specify maximum segment size
Maximum segment size
Dead peer detection
Included remote subnets
[INTERNAL ALLOWED IP RANGE] value from the sample configuration file below.
These are the IP addresses and subnets on the external network that send and receive traffic through this VPN.
Excluded remote subnets
Subset of IP addresses and subnets on the external network that should be excluded from using the VPN tunnel. This is only used to define exclusions for VPN traffic from larger included remote subnets.
Sample Cisco IOS device configuration file
These are the parameters to enter in the Cisco IOS device configuration file.
Replace the [VARIABLES] with specific values from Skytap or corporate policy.
crypto isakmp policy [UNIQUE NUMBER]
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key [SHARED SECRET KEY] address [SKYTAP VPN ENDPOINT]
crypto ipsec transform-set [TRANSFORM SET NAME] esp-aes esp-sha-hmac
 mode tunnel
crypto ipsec df-bit clear
crypto map [CRYPTO MAP NAME] [UNIQUE NUMBER] ipsec-isakmp
 set peer [SKYTAP VPN ENDPOINT]
 set transform-set [TRANSFORM SET NAME]
 match address [ACL NAME]
interface [INTERNAL INTERFACE]
 description [CUSTOMER PRIVATE IP ADDRESS]
 ip address [CUSTOMER INTERNAL NETWORK]
interface [EXTERNAL INTERFACE]
 description [CUSTOMER PUBLIC IP]
 ip address [CUSTOMER VPN ENDPOINT]
 crypto map [CRYPTO MAP NAME]
ip access-list extended [ACL NAME]
 permit ip [INTERNAL ALLOWED IP RANGE] [SKYTAP VM IP RANGE]
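The subnet rules above (the Skytap VM IP range can't overlap the included remote subnets, and excluded remote subnets carve exceptions out of larger included ones) can be checked before anything is entered on either side. The following Python is an added example, not part of the Skytap documentation: the function names, the ACL name and all addresses are hypothetical, and it assumes ranges are written in CIDR notation. It also renders the `ip access-list extended` stanza with the wildcard masks IOS expects.

```python
import ipaddress


def validate_vpn_subnets(skytap_range, included, excluded=()):
    """Return a list of problems with the subnet plan; an empty list means OK.

    ip_network() raises ValueError for malformed input such as 10.0.0.5/24
    (host bits set), so typos are caught before they reach the device.
    """
    local = ipaddress.ip_network(skytap_range)
    inc = [ipaddress.ip_network(n) for n in included]
    exc = [ipaddress.ip_network(n) for n in excluded]
    problems = []
    # Rule from the parameter list: the Skytap VM IP range can't overlap
    # any included remote subnet.
    for net in inc:
        if local.overlaps(net):
            problems.append(f"{local} overlaps included remote subnet {net}")
    # Excluded subnets only make sense inside a larger included subnet.
    for net in exc:
        if not any(net.subnet_of(i) for i in inc):
            problems.append(f"excluded subnet {net} is not inside an included remote subnet")
    return problems


def acl_lines(acl_name, included, skytap_range):
    """Render the ACL stanza: one permit line per included remote subnet."""
    local = ipaddress.ip_network(skytap_range)
    lines = [f"ip access-list extended {acl_name}"]
    for n in included:
        net = ipaddress.ip_network(n)
        # IOS extended ACLs take wildcard (inverse) masks, i.e. the hostmask.
        lines.append(
            f" permit ip {net.network_address} {net.hostmask} "
            f"{local.network_address} {local.hostmask}"
        )
    return lines


if __name__ == "__main__":
    # Constructed sample values (RFC 1918 space), not taken from any real account.
    skytap_vm_range = "10.0.0.0/24"
    included_remote = ["192.168.0.0/16"]
    excluded_remote = ["192.168.50.0/24"]
    issues = validate_vpn_subnets(skytap_vm_range, included_remote, excluded_remote)
    print("\n".join(issues) if issues else "subnet plan OK")
    print("\n".join(acl_lines("SKYTAP-ACL", included_remote, skytap_vm_range)))
```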