Internet and Remote network

Answered Question
Feb 19th, 2007

I have one local site with the LAN (172.16.0.0), and the local site is connected with the remote site. Both ends are connected with ADSL and have a router at each site. The remote site has LAN (10.0.0.0). Now I want to access the remote LAN hosts as well as the internet at the same time from the local office...

LAN 172.16.0.0---routerA----ADSL----RouterB---LAN 10.0.0.0

How can I do this?

daveporter123 Mon, 02/19/2007 - 07:34

I want a simple configuration.

Will you please give me some basic configuration?

Danilo Dy Mon, 02/19/2007 - 07:55

1. Do both sites (office and remote) have a statically assigned public IP address from your internet provider(s)?

2. Are both routers' IOS capable of running IPSEC and/or IP GRE?

daveporter123 Mon, 02/19/2007 - 10:07

Yes,

I had only a single static public IP address.

And the IOS is capable of IP GRE.

daveporter123 Mon, 02/19/2007 - 10:14

Is it possible to establish a GRE tunnel between both sites, forwarding only private IP address data to the tunnel using a static route, and for other internet traffic use the default router which is pointing to the real IP of the interface or to the default gateway of the ISP?

Danilo Dy Mon, 02/19/2007 - 20:39

Yes, it's possible. For example, if you build a GRE Tunnel0, your routing will be like this:

Office (RouterA):

ip route 0.0.0.0 0.0.0.0 ip_address_of_isp_router_facing_routerA
ip route 10.0.0.0 255.0.0.0 Tunnel0

Remote (RouterB):

ip route 0.0.0.0 0.0.0.0 ip_address_of_isp_router_facing_routerB
ip route 172.16.0.0 255.240.0.0 Tunnel0

You can use the link previously provided to build the GRE Tunnel. Otherwise, if you want a configuration sample that suits your environment, we need you to post your configuration (remove confidential information like passwords, and change the first and second octet of the public IP address to xxx.yyy).

daveporter123 Mon, 02/19/2007 - 20:53

Thank you, expert.

Right now I am configuring the same using GRE, but I think in the LAN switching forum RAJ replied to me with IPSEC, so I will try to move on to it slowly. But your advice helped me a lot in the configuration, thank you very much.

I really appreciate your help and support. I also appreciate all the experts and members of the discussion forum for their knowledge sharing.

Thank you very much again.

Danilo Dy Mon, 02/19/2007 - 21:25

Since your router does not support IPSEC, you can try GRE first. Once it's working, you can justify putting some $$$ into upgrading to an IOS that supports IPSEC so that the tunnel is secure :)

daveporter123 Mon, 02/19/2007 - 23:10

When configuring GRE, what IP address should I use to configure the tunnel interface IP address? It must be a private IP address, and I should use as tunnel source the global IP address which is already configured on my one interface which is facing towards the ISP? Am I right or wrong?

Please provide me the solution for both ends, as well as the same for IPsec VPN...

Danilo Dy Tue, 02/20/2007 - 02:21

Use as source the wan interface facing internet configured with public ip address of the local router. Use as destination the configured public ip address of the wan interface facing internet of the remote router.

It would be easier if you provide us the configuration of at least the interface facing internet for both routers (including routing configuration) as there is a configuration difference for dsl service for some countries.

daveporter123 Tue, 02/20/2007 - 05:32

Hi medan,

I don't have any configuration, but I have to start configuring both end routers after two days. So please send me some example configurations.

Correct Answer
Danilo Dy Tue, 02/20/2007 - 06:09

For GRE Tunnel

Office Router WAN Public IP Address = a.b.c.2, Gateway = a.b.c.1

Remote Router WAN Interface Public IP Address = w.x.y.2, Gateway = w.x.y.1

Since you're using 172.16.0.0/12 and 10.0.0.0/8, we will use 192.168.0.0/16 for Tunnel IP

1. Office

!
interface tunnel0
 ip address 192.168.0.1 255.255.255.252
 tunnel source a.b.c.2
 tunnel destination w.x.y.2
 keepalive 5 4
 ip mtu 1500
!
ip subnet-zero
!
ip classless
! default route to the ISP gateway carries internet traffic
ip route 0.0.0.0 0.0.0.0 a.b.c.1
! remote LAN (10.0.0.0/8) is reached through the tunnel
ip route 10.0.0.0 255.0.0.0 tunnel0

2. Remote

!
interface tunnel0
 ip address 192.168.0.2 255.255.255.252
 tunnel source w.x.y.2
 tunnel destination a.b.c.2
 keepalive 5 4
 ip mtu 1500
!
ip subnet-zero
!
ip classless
! default route to the ISP gateway carries internet traffic
ip route 0.0.0.0 0.0.0.0 w.x.y.1
! office LAN (172.16.0.0/12) is reached through the tunnel
ip route 172.16.0.0 255.240.0.0 tunnel0
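The split routing in this configuration can be checked offline before it is applied: a peer-LAN address that no tunnel route covers follows the default route to the ISP, outside the tunnel. The following is an added example, not part of the original posts; it runs a longest-prefix match over a router's ip route lines, and the function names and sample route lines are constructed for illustration.

```python
import ipaddress

def parse_static_routes(config):
    """Return [(network, next_hop)] for each 'ip route <net> <mask> <next-hop>' line."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            # Strict parsing raises ValueError if host bits are set in <net>.
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            routes.append((net, parts[4]))  # next hop kept as an opaque string
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(str(dst))
    hits = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(hits)[1] if hits else None

def check_split_tunnel(config, peer_lan, tunnel="tunnel0"):
    """List (address, next_hop) for peer-LAN probes that do NOT enter the tunnel."""
    routes = parse_static_routes(config)
    lan = ipaddress.ip_network(peer_lan)
    leaks = []
    # Probe the first and last host address of the peer LAN.
    for probe in (lan.network_address + 1, lan.broadcast_address - 1):
        hop = lookup(routes, probe)
        if hop is None or hop.lower() != tunnel:
            leaks.append((str(probe), hop))
    return leaks

# Constructed samples for the remote router; w.x.y.1 is the thread's
# placeholder for the ISP gateway.
GOOD = """ip route 0.0.0.0 0.0.0.0 w.x.y.1
ip route 172.16.0.0 255.240.0.0 tunnel0"""
# Mistyped network: 172.0.0.0/12 spans 172.0.0.0-172.15.255.255 only.
BAD = """ip route 0.0.0.0 0.0.0.0 w.x.y.1
ip route 172.0.0.0 255.240.0.0 tunnel0"""

if __name__ == "__main__":
    print("good:", check_split_tunnel(GOOD, "172.16.0.0/12"))
    print("bad: ", check_split_tunnel(BAD, "172.16.0.0/12"))
    print("internet:", lookup(parse_static_routes(GOOD), "198.51.100.7"))
```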

Danilo Dy Tue, 02/20/2007 - 06:43

For IPSEC

When you already have the IOS that is capable of running IPSEC, you need to remove the GRE Tunnel first.

1. Office

!
no interface tunnel0
!
no ip route 10.0.0.0 255.0.0.0 tunnel0
!
crypto isakmp policy 3
 authentication pre-share
!
crypto isakmp key trinity address w.x.y.2 no-xauth
!
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
 set peer w.x.y.2
 set transform-set NEO
 set pfs group1
 match address 101
!
! crypto ACL: office LAN 172.16.0.0/12 to remote LAN 10.0.0.0/8 (wildcard masks)
access-list 101 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
!
interface wan_interface_facing_internet
 ip address a.b.c.2 255.255.255.252
 crypto map TheMatrix

2. Remote

!
no interface tunnel0
!
no ip route 172.16.0.0 255.240.0.0 tunnel0
!
crypto isakmp policy 3
 authentication pre-share
!
crypto isakmp key trinity address a.b.c.2 no-xauth
!
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
 set peer a.b.c.2
 set transform-set NEO
 set pfs group1
 match address 101
!
! crypto ACL: mirror image of the office ACL
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
!
interface wan_interface_facing_internet
 ip address w.x.y.2 255.255.255.252
 crypto map TheMatrix
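The crypto ACL decides which packets IPsec protects, so its wildcard masks and the symmetry between the two peers are worth checking mechanically. The following is an added example, not part of the original posts; it converts each wildcard to a prefix, verifies that the two ACLs are mirror images, and flags the DES transform and the group 1 PFS setting. Function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

ACL_RE = re.compile(r"access-list\s+\d+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
# Settings too weak for a site-to-site VPN today.
WEAK = {"esp-des": "56-bit DES encryption", "group1": "768-bit Diffie-Hellman group"}

def wildcard_to_net(addr, wildcard):
    """Return the prefix selected by addr + wildcard, or None when the wildcard
    is not a contiguous run of low-order one bits (so it selects no prefix)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        return None
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{32 - w.bit_length()}")

def crypto_acl(config):
    """Return {(source_net, destination_net)} from the permit entries."""
    return {(wildcard_to_net(s, sw), wildcard_to_net(d, dw))
            for s, sw, d, dw in ACL_RE.findall(config)}

def audit(office_cfg, remote_cfg):
    """Return a list of findings for a pair of peer configurations."""
    findings = []
    office, remote = crypto_acl(office_cfg), crypto_acl(remote_cfg)
    for side, acl in (("office", office), ("remote", remote)):
        if any(None in pair for pair in acl):
            findings.append(f"{side}: wildcard is not a contiguous prefix mask")
    # Each peer must protect exactly the reverse of what the other protects.
    if office != {(d, s) for s, d in remote}:
        findings.append("crypto ACLs are not mirror images")
    for side, cfg in (("office", office_cfg), ("remote", remote_cfg)):
        for token, why in WEAK.items():
            if re.search(rf"\b{re.escape(token)}\b", cfg):
                findings.append(f"{side}: {token} ({why})")
    return findings

# Constructed samples: only the lines the audit reads. The remote ACL carries
# a mistyped wildcard (0.240.255.255 instead of 0.15.255.255 for a /12).
OFFICE = """crypto ipsec transform-set NEO esp-des esp-sha-hmac
 set pfs group1
access-list 101 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255"""
REMOTE = """crypto ipsec transform-set NEO esp-des esp-sha-hmac
 set pfs group1
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.240.255.255"""

if __name__ == "__main__":
    for finding in audit(OFFICE, REMOTE):
        print(finding)
```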

drummond.r Fri, 03/02/2007 - 07:34

I have a question related to this. I have my router set up with an IPsec over GRE tunnel. I want to set up my router to act as an L2TP VPN server without having to remove the tunnels. How can I go about doing that?

-rob
