Site to Site VPN
18 years 11 months ago #12063
by susetechie
"Go away or I will replace you with a very small shell script"
Site to Site VPN was created by susetechie
Hi All,
I am really upping my number of posts today! hehe
At any rate, another question. I was given a drawing of the network, and between my HQ site and my remote sites, there is a cloud that says "MPLS VPN". So obviously, I think... wow... OK, it's an MPLS VPN! lol Well, I ask around, and others think we are not using site-to-site VPN. When I look at the configs on the routers I see many commands starting with "crypto". My thoughts are they are actually using site to site, but just don't know it. Is there a way for me to be sure?!
Sorry for the newbiness... it's my first network reorg.
Thanks
18 years 11 months ago #12068
by jwj
-Jeremy-
Replied by jwj on topic Re: Site to Site VPN
In your routers' configurations, look for a portion with "crypto map". A sub-configuration for it will be "set peer ip address".
Example:
crypto map vpndescription 10 ipsec-isakmp
 set peer 123.100.101.55
 set transform-set transformdescription
Now, the peer address is going to be the IP address of the distant end VPN point. So it should be an IP address of an interface on one of your routers somewhere. I would suggest copying and pasting all of your crypto maps and router interfaces from all your routers, and start matching the crypto maps to the interfaces (and router) it goes to.
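One way to do the matching jwj describes, as an added example that is not part of the original thread: a Python script that reads pasted router configs, collects each crypto map's "set peer" address and each interface's "ip address", and reports which router and interface owns each peer. The router names, addresses and sample configs are constructed; a peer that no collected interface owns is reported as unmatched.

```python
import re

# Constructed sample configs: hostnames and addresses are made up (documentation ranges).
CONFIGS = {
    "hq-rtr": """
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
crypto map vpndescription 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set transformdescription
crypto map vpndescription 20 ipsec-isakmp
 set peer 203.0.113.77
 set transform-set transformdescription
""",
    "branch-rtr": """
interface Serial0/0
 ip address 198.51.100.2 255.255.255.252
crypto map vpndescription 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set transformdescription
""",
}
IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def parse_config(text):
    """Return ({interface_ip: interface_name}, [(map_name, seq, peer_ip), ...])."""
    interfaces, peers, ctx = {}, [], ("", "")
    for line in (l.strip() for l in text.splitlines()):  # pasted configs often lose indentation
        if m := re.match(r"interface (\S+)", line):
            ctx = ("if", m.group(1))
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            ctx = ("map", (m.group(1), int(m.group(2))))
        elif ctx[0] == "if" and (m := re.match(r"ip address " + IPV4, line)):
            interfaces[m.group(1)] = ctx[1]
        elif ctx[0] == "map" and (m := re.match(r"set peer " + IPV4, line)):
            peers.append((*ctx[1], m.group(1)))
    return interfaces, peers

def match_peers(configs):
    """Pair every 'set peer' with the (router, interface) that owns that address, or None."""
    parsed = {name: parse_config(text) for name, text in configs.items()}
    owners = {ip: (name, ifname) for name, (ifs, _) in parsed.items() for ip, ifname in ifs.items()}
    return [(name, map_name, seq, peer, owners.get(peer))
            for name, (_, peers) in parsed.items() for map_name, seq, peer in peers]

if __name__ == "__main__":
    for router, map_name, seq, peer, owner in match_peers(CONFIGS):
        where = "%s %s" % owner if owner else "NOT in collected configs (keep digging)"
        print(f"{router}: crypto map {map_name} {seq} -> peer {peer} = {where}")
```

An unmatched peer means the far end of that tunnel is a device whose configuration has not been collected yet.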
18 years 11 months ago #12070
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Site to Site VPN
I concur with jwj's configuration.
Configurations similar to the above will show you're dealing with a site-to-site VPN.
In some cases, there is also a 'match address x' after the 'set transform-set' command, where 'x' is the access-list number to which the defined traffic is allowed to pass through.
18 years 11 months ago #12073
by susetechie
"Go away or I will replace you with a very small shell script"
Replied by susetechie on topic Re: Site to Site VPN
Thanks guys... I did take down the "set peer" address, and I asked others in the group if they knew the address. I figured it was indeed the end point of the VPN, but I did not have the address in my list. I guess I will have to do more digging! Thanks a lot for the replies.