Configuring IPSec on Cisco IOS router for Softlayer Connectivity

Who is Softlayer

SoftLayer, an IBM Company, provides cloud infrastructure as a service from 13 data centers in the United States, Asia, and Europe, and a global footprint of 17 network points of presence. Our customers range from Web startups to global enterprises.

Softlayer offer IPSec VPN on private network for customer to connect their coporate network to Softlayer Cloud to manage their systems running on Softlayer Cloud.

Softlayer customer can complete Softlayer end’s IPSec configuration through Softlayer customer portal.

I will shows you the capacity of Softlayer IPSec in the series of articles by 3 user cases.

The Network Topology is:

wKiom1OJvy2xIxPYAAHkyO46Y-w481

The IPSec config on Softlayer end is as below:

wKiom1OJpsSxvRKiAANRd1-ed_g173

From the above, you can see the IPSec config on Softlayer end is quite straightforward: Phase 1 and Phase 2 nego parameters then customer subnets and Softlayer subnets.

 

Next-step is the configuration on customer end:

(1) Customer end is Cisco router.

Please note it looks like that Softlayer doesn’t support the Cisco IPSec Virtual Tunnel interface.So you possibly have to use the classical “Crypto Map” method:

 

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 14400
crypto isakmp key PassW0rd2014 address x.x.x.x (Softlayer end IPSec VPN Gateway IP)
!
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map CMAP 10 ipsec-isakmp
set peer x.x.x.x
set transform-set TS
set pfs group2
match address VPN
!
!
!
!
interface FastEthernet0/0
ip address 10.1.1.231 255.255.255.0
duplex auto
speed auto
crypto map CMAP
!
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
!
!
!
ip access-list extended VPN
permit ip 192.168.109.0 0.0.0.255 10.66.24.0 0.0.0.63

 

#192.168.109.0/24 customer end IP range

#10.66.24.0/26 Softlayer VM IP range

#This cisco router is behind a firewall which performs the NAT function

2 thoughts on “Configuring IPSec on Cisco IOS router for Softlayer Connectivity

  1. Pingback: Configuring IPSec on Juniper SRX for IBM SoftLayer Connectivity (1) – InsidePacket

  2. Pingback: Configuring IPSec on Juniper SRX for IBM SoftLayer Connectivity(2) – InsidePacket

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s