Prepare a Router for Site-to-Site VPN using Pre-shared Keys
Step 3 – Check the current configuration

The current Cisco router configuration should be checked for IPSec policies that are already configured and that are either useful for, or may interfere with, the IPSec policies that are planned. Previously configured IKE and IPSec policies and details can and should be used where possible to save configuration time. However, previously configured IKE and IPSec policies and details can make troubleshooting more difficult if problems arise.

To check if IKE policies have previously been configured, start with the show running-config command. A variety of show commands specific to IPSec can also be used. For example, the show crypto isakmp policy command, as shown in Figure , can be used to examine IKE policies. The default protection suite seen in Figure is available for use without modification. Other available show commands can also be used to view IKE and IPSec configuration.

The show crypto map command, shown in Figure , is useful for viewing any previously configured crypto maps. Crypto maps are covered in detail later in this lesson. Previously configured maps can and should be used to save configuration time. However, previously configured crypto maps can interfere with the IPSec policy that is to be configured.

The show crypto ipsec transform-set command can be used to view previously configured transform sets. Previously configured transforms can, and should, be used to save configuration time.
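
Added example, not part of the original lesson: a short Python script that performs the same check offline against a saved copy of the show running-config output, listing existing IKE policies, pre-shared-key peers, transform sets, crypto maps and the interfaces a crypto map is applied to. The sample configuration, its names, addresses and key, and the function name inventory_crypto are constructed for illustration.

```python
import re

# Constructed sample of a saved running-config; every name, address and
# the key are made up for illustration.
SAMPLE_CONFIG = """\
crypto isakmp policy 110
 encr aes
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-KEY address 172.30.2.2
crypto ipsec transform-set MINE esp-aes esp-sha-hmac
crypto map MYMAP 10 ipsec-isakmp
 set peer 172.30.2.2
 set transform-set MINE
 match address 110
interface Ethernet0/1
 ip address 172.30.1.2 255.255.255.0
 crypto map MYMAP
"""

def inventory_crypto(config):
    """Return the IKE/IPSec objects already present in a running-config text."""
    inv = {"ike_policies": {}, "psk_peers": [], "transform_sets": {},
           "crypto_maps": {}, "applied": {}}
    block = iface = None   # current sub-command list / current interface name
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] != " ":                       # new top-level command
            block = iface = None
            if m := re.match(r"crypto isakmp policy (\d+)", line):
                block = inv["ike_policies"].setdefault(int(m[1]), [])
            elif m := re.match(r"crypto isakmp key .+ address (\S+)", line):
                inv["psk_peers"].append(m[1])    # record the peer, never the key
            elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
                inv["transform_sets"][m[1]] = m[2].split()
            elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
                block = inv["crypto_maps"].setdefault((m[1], int(m[2])), [])
            elif m := re.match(r"interface (\S+)", line):
                iface = m[1]
        elif block is not None:                  # sub-command of a policy or map
            block.append(line.strip())
        elif iface and (m := re.match(r" crypto map (\S+)", line)):
            inv["applied"][iface] = m[1]         # map already bound to interface
    return inv

if __name__ == "__main__":
    for kind, found in inventory_crypto(SAMPLE_CONFIG).items():
        print(kind, found)
```

An IKE policy priority, transform-set name or crypto map name that appears in this inventory is either a candidate for reuse or a possible conflict with the planned policy, and an interface listed under applied already has a crypto map bound to it.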