02-19-2007 06:29 AM - edited 03-03-2019 03:49 PM
i have one local site with the LAN (172.16.0.0) and local site is connected witht the remote site, both the ends are connected with ADSL and having router at both the site. Remote site having LAN (10.0.0.0) now i want to access the remote LAN hosts as well as internet at the same time from local office...
LAN 172.16.0.0---routerA----ADSL----RouterB---LAN 10.0.0.0
how can i do this?
Solved! Go to Solution.
02-20-2007 06:09 AM
For GRE Tunnel
Office Router WAN Public IP Address = a.b.c.2, Gateway = a.b.c.1
Remote Router WAN Interface Public IP Address = w.x.y.2, Gateway w.x.y.1
Since you're using 72.16.0.0/12 and 10.0.0.0/8, we will use 192.168.0.0/16 fro Tunnel IP
1. Office
!
interface tunnel0
ip address 192.168.0.1 255.255.255.252
tunnel source a.b.c.2
tunnel destination w.x.y.2
keepalive 5 4
ip mtu 1500
!
ip subnet-zero
!
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.1
ip route 10.0.0.0 255.0.0.0 tunnel0
2. Remote
!
interface tunnel0
ip address 192.168.0.2 255.255.255.252
tunnel source w.x.y.2
tunnel destination a.b.c.2
keepalive 5 4
ip mtu 1500
!
ip subnet-zero
!
ip classless
ip route 0.0.0.0 0.0.0.0 w.x.y.1
ip route 172.0.0.0 255.240.0.0 tunnel0
02-19-2007 06:35 AM
Hi Dave
This link is specific to your requirement
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ef.shtml
HTH
Hoogen
Do rate if this helps out :)
02-19-2007 06:37 AM
Use IP GRE Tunnel to reach remote site.
http://www.cisco.com/en/US/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html
02-19-2007 07:34 AM
i want simple configuration
will you please give me some basic confiuration?
02-19-2007 07:55 AM
1. Does both site (office and remote) has a static assigned Public IP Address from your internet provider(s)?
2. Does both router IOS capable of running IPSEC and or IP GRE?
02-19-2007 10:07 AM
yes,
i had only single static public IP address.
and IOS is capable of IP GRE.
02-19-2007 10:14 AM
is it possible to establish gre tunnel between both the site and forwarding only private ip address data to the tunnel using static route and for othere internet traffice we can use that default router which is pointing to the real ip of interface or to the default gateway of the isp.
02-19-2007 08:39 PM
Yes its possible. For example you build a GRE Tunnel0, your routing will be like this
Office (RouterA):
ip route 0.0.0.0 0.0.0.0 ip_address_of_isp_router_facing_routerA
ip route 10.0.0.0 255.0.0.0 Tunnel0
Remote (RouterB):
ip route 0.0.0.0 0.0.0.0 ip_address_of_isp_router_facing_routerB
ip route 172.16.0.0 255.240.0.0 Tunnel0
You can use the link previously provided to build GRE Tunnel, else if you want a configuration sample that suit your environment, we need you to post your configuration (remove confidential information like password, and change the first and second octet of the public ip address to xxx.yyy)
02-19-2007 08:53 PM
thank you expert,
right now i am configuring the same using GRE but i thing in LAN switching forum RAJ replied me with IPSEC so i will try to move on it slowly. but your advise help me a lot in configuration thank you very much.
I really appriciate your help and support, i also appriciate all the exper and member of the discussion forum for their knowledge sahring.
thank you very much again
02-19-2007 09:25 PM
Since your router does not support IPSEC, you can try GRE first. Once its working, you can justify to put some $$$ to upgrade to IOS that support IPSEC so that the tunnel is secure :)
02-19-2007 11:10 PM
when confiugring GRE? what ip address i should use to configure the tunnel interface ip address? it must be private ip address and i should use tunnel source as the Global IP address which is already configure to my one the the interface which is facing towards the ISP? am i right or wrong?
please provide me both end solution as well as same for IP sec VPN...
02-20-2007 02:21 AM
Use as source the wan interface facing internet configured with public ip address of the local router. Use as destination the configured public ip address of the wan interface facing internet of the remote router.
It would be easier if you provide us the configuration of at least the interface facing internet for both routers (including routing configuration) as there is a configuration difference for dsl service for some countries.
02-20-2007 05:32 AM
hi medan,
i dont how any configuration but i have to start configure the both end router after two days. so please send me some example's configuration.
02-20-2007 06:09 AM
For GRE Tunnel
Office Router WAN Public IP Address = a.b.c.2, Gateway = a.b.c.1
Remote Router WAN Interface Public IP Address = w.x.y.2, Gateway w.x.y.1
Since you're using 72.16.0.0/12 and 10.0.0.0/8, we will use 192.168.0.0/16 fro Tunnel IP
1. Office
!
interface tunnel0
ip address 192.168.0.1 255.255.255.252
tunnel source a.b.c.2
tunnel destination w.x.y.2
keepalive 5 4
ip mtu 1500
!
ip subnet-zero
!
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.1
ip route 10.0.0.0 255.0.0.0 tunnel0
2. Remote
!
interface tunnel0
ip address 192.168.0.2 255.255.255.252
tunnel source w.x.y.2
tunnel destination a.b.c.2
keepalive 5 4
ip mtu 1500
!
ip subnet-zero
!
ip classless
ip route 0.0.0.0 0.0.0.0 w.x.y.1
ip route 172.0.0.0 255.240.0.0 tunnel0
02-20-2007 06:43 AM
For IPSEC
When you already have the IOS that is capable of running IPSEC, you need to remove the GRE Tunnel first.
1. Office
!
no interface tunnel0
!
no ip route 10.0.0.0 255.0.0.0 tunnel0
!
crypto isakmp policy 3
authentication pre-share
!
crypto isakmp key trinity address w.x.y.2 no-xauth
!
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
set peer w.x.y.2
set transform-set NEO
set pfs group1
match address 101
!
access-list 101 permit ip 172.16.0.0 0.240.255.255 10.0.0.0 0.255.255.255
!
interface wan_interface_facing_internet
ip address a.b.c.2 255.255.255.252
crypto map TheMatrix
2. Remote
!
no interface tunnel0
!
no ip route 172.16.0.0 255.240.0.0 tunnel0
!
crypto isakmp policy 3
authentication pre-share
!
crypto isakmp key trinity address a.b.c.2 no-xauth
!
crypto ipsec transform-set NEO esp-des esp-sha-hmac
!
crypto map TheMatrix 1 ipsec-isakmp
set peer a.b.c.2
set transform-set NEO
set pfs group1
match address 101
!
access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.240.255.255
!
interface wan_interface_facing_internet
ip address w.x.y.2 255.255.255.252
crypto map TheMatrix
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: