This is like one of those recipe book type 1 page cheat sheets. This relies on you knowing IOS well enough to just need a jog.
So to set up an interface mode (Virtual tunnel interface in Cisco speak) vpn you need these commands:
crypto isakmp policy
crypto isakmp key
crypto ipsec transform set
crypto ipsec profile
shape average 128000
ip address maybe or ip unnumbered vlan1 to tie to vlan1
tun source outsideIP
tun destin otherend
tunnel mode ipsec ipv4
tunnel protection ipsec profile
ip route tun0 perm?
or use Ip and dynamic routing rip v2?
If you're switching from proxy style VPN then remove the crypto map unless you still have dynamic client vpns and remove the IPSec policy for the connection.
The tunnel ones are just so much nicer. No NAT hassles, easy policy QoS etc.
Also help diag commands:
sh crypto session detail
I was playing with this a while back and it didn't work and got forgotten about but this time I dug into it further. There are lots of...
This is something that caught my interest a few years ago and has been sitting in the garage churning out tiny fractions of a bitcoin regula...
This one might save someone some searching :-) I can't remember when it started happening but the UserEventAgent process started using...
We still see this one occasionally. Had one case where we needed to get a policy on but couldn't reboot the firewall. So, tried a few ...