Internet and Remote network

daveporter123
Level 1

I have one local site with the LAN (172.16.0.0), and the local site is connected with the remote site. Both ends are connected with ADSL and have a router at each site. The remote site has the LAN (10.0.0.0). Now I want to access the remote LAN hosts as well as the Internet at the same time from the local office...

LAN 172.16.0.0---routerA----ADSL----RouterB---LAN 10.0.0.0

How can I do this?


hoogen_82
Level 4

Hi Dave

This link is specific to your requirement:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ef.shtml

HTH

Hoogen

Do rate if this helps out :)

I want a simple configuration.

Will you please give me some basic configuration?

1. Do both sites (office and remote) have a statically assigned public IP address from your Internet provider(s)?

2. Is the IOS on both routers capable of running IPSEC and/or IP GRE?

Yes,

I had only a single static public IP address,

and the IOS is capable of IP GRE.

Is it possible to establish a GRE tunnel between both sites and forward only private IP address data to the tunnel using a static route, and for other Internet traffic use the default router which is pointing to the real IP of the interface or to the default gateway of the ISP?

Yes, it's possible. For example, if you build a GRE Tunnel0, your routing will be like this:

Office (RouterA):

    ip route 0.0.0.0 0.0.0.0 ip_address_of_isp_router_facing_routerA
    ip route 10.0.0.0 255.0.0.0 Tunnel0

Remote (RouterB):

    ip route 0.0.0.0 0.0.0.0 ip_address_of_isp_router_facing_routerB
    ip route 172.16.0.0 255.240.0.0 Tunnel0

You can use the link previously provided to build the GRE tunnel; otherwise, if you want a configuration sample that suits your environment, we need you to post your configuration (remove confidential information like passwords, and change the first and second octets of the public IP address to xxx.yyy).

Thank you, expert.

Right now I am configuring the same using GRE, but I think in the LAN switching forum RAJ replied to me with IPSEC, so I will try to move on to it slowly. But your advice helped me a lot in the configuration, thank you very much.

I really appreciate your help and support. I also appreciate all the experts and members of the discussion forum for their knowledge sharing.

Thank you very much again.

Since your router does not support IPSEC, you can try GRE first. Once it's working, you can justify putting some $$$ into upgrading to an IOS that supports IPSEC so that the tunnel is secure :)

When configuring GRE, what IP address should I use for the tunnel interface IP address? It must be a private IP address, and I should use as the tunnel source the global IP address which is already configured on the one interface which is facing towards the ISP? Am I right or wrong?

Please provide me the solution for both ends, as well as the same for IPsec VPN...

Use as source the wan interface facing internet configured with public ip address of the local router. Use as destination the configured public ip address of the wan interface facing internet of the remote router.

It would be easier if you provide us the configuration of at least the interface facing internet for both routers (including routing configuration) as there is a configuration difference for dsl service for some countries.

Hi medan,

I don't have any configuration, but I have to start configuring the routers at both ends after two days, so please send me some example configurations.

For GRE Tunnel

Office Router WAN Public IP Address = a.b.c.2, Gateway = a.b.c.1

Remote Router WAN Interface Public IP Address = w.x.y.2, Gateway w.x.y.1

Since you're using 72.16.0.0/12 and 10.0.0.0/8, we will use 192.168.0.0/16 for Tunnel IP

1. Office

    !
    interface tunnel0
     ip address 192.168.0.1 255.255.255.252
     tunnel source a.b.c.2
     tunnel destination w.x.y.2
     keepalive 5 4
     ip mtu 1500
    !
    ip subnet-zero
    !
    ip classless
    ! Internet traffic follows the default route to the ISP gateway
    ip route 0.0.0.0 0.0.0.0 a.b.c.1
    ! The remote LAN is reached through the GRE tunnel
    ip route 10.0.0.0 255.0.0.0 tunnel0

2. Remote

    !
    interface tunnel0
     ip address 192.168.0.2 255.255.255.252
     tunnel source w.x.y.2
     tunnel destination a.b.c.2
     keepalive 5 4
     ip mtu 1500
    !
    ip subnet-zero
    !
    ip classless
    ! Internet traffic follows the default route to the ISP gateway
    ip route 0.0.0.0 0.0.0.0 w.x.y.1
    ! The office LAN is reached through the GRE tunnel
    ip route 172.16.0.0 255.240.0.0 tunnel0

For IPSEC

When you already have the IOS that is capable of running IPSEC, you need to remove the GRE Tunnel first.

1. Office

    !
    no interface tunnel0
    !
    no ip route 10.0.0.0 255.0.0.0 tunnel0
    !
    crypto isakmp policy 3
     authentication pre-share
    !
    crypto isakmp key trinity address w.x.y.2 no-xauth
    !
    crypto ipsec transform-set NEO esp-des esp-sha-hmac
    !
    crypto map TheMatrix 1 ipsec-isakmp
     set peer w.x.y.2
     set transform-set NEO
     set pfs group1
     match address 101
    !
    ! Office LAN to remote LAN traffic is selected for encryption
    access-list 101 permit ip 172.16.0.0 0.15.255.255 10.0.0.0 0.255.255.255
    !
    interface wan_interface_facing_internet
     ip address a.b.c.2 255.255.255.252
     crypto map TheMatrix

2. Remote

    !
    no interface tunnel0
    !
    no ip route 172.16.0.0 255.240.0.0 tunnel0
    !
    crypto isakmp policy 3
     authentication pre-share
    !
    crypto isakmp key trinity address a.b.c.2 no-xauth
    !
    crypto ipsec transform-set NEO esp-des esp-sha-hmac
    !
    crypto map TheMatrix 1 ipsec-isakmp
     set peer a.b.c.2
     set transform-set NEO
     set pfs group1
     match address 101
    !
    ! Remote LAN to office LAN traffic is selected for encryption
    access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
    !
    interface wan_interface_facing_internet
     ip address w.x.y.2 255.255.255.252
     crypto map TheMatrix
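The split discussed in this thread (default route to the ISP, a more specific static route into Tunnel0, a crypto ACL selecting LAN-to-LAN traffic) only holds when each prefix and wildcard mask covers exactly the intended LAN. As an added example, not part of any post in the thread, this Python check resolves a destination by longest-prefix match and applies IOS wildcard-mask matching. The route lines are constructed samples, and the 192.0.2.1 / 198.51.100.1 gateways and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample lines (documentation addresses stand in for the ISP gateways).
OFFICE = """ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 10.0.0.0 255.0.0.0 Tunnel0"""
REMOTE_TYPO = """ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 172.0.0.0 255.240.0.0 Tunnel0"""
REMOTE_OK = REMOTE_TYPO.replace("172.0.0.0", "172.16.0.0")


def parse_routes(config):
    """Return [(network, next_hop)] for every 'ip route <net> <mask> <hop>' line."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] == ["ip", "route"] and len(parts) >= 5:
            routes.append((ipaddress.ip_network(f"{parts[2]}/{parts[3]}"), parts[4]))
    return routes


def next_hop(config, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, hop) for net, hop in parse_routes(config) if addr in net]
    return max(hits)[1] if hits else None


def wildcard_match(addr, base, wildcard):
    """ACL semantics: bits set in the wildcard are ignored, all others must equal base."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    care = 0xFFFFFFFF ^ w
    return (a & care) == (b & care)


def wildcard_is_prefix(wildcard):
    """True only if the wildcard is an inverted netmask (zeros then ones)."""
    w = int(ipaddress.ip_address(wildcard))
    return w & (w + 1) == 0


if __name__ == "__main__":
    for cfg, dst in [(OFFICE, "10.1.2.3"), (OFFICE, "203.0.113.9"),
                     (REMOTE_TYPO, "172.16.5.10"), (REMOTE_OK, "172.16.5.10")]:
        print(f"{dst:>12} -> {next_hop(cfg, dst)}")
    for wc in ("0.240.255.255", "0.15.255.255"):
        print(wc, wildcard_is_prefix(wc),
              [h for h in ("172.16.1.1", "172.17.1.1", "172.32.1.1")
               if wildcard_match(h, "172.16.0.0", wc)])
```

With a 172.0.0.0 255.240.0.0 route, 172.16.5.10 stays on the default route instead of entering the tunnel. A non-contiguous wildcard such as 0.240.255.255 selects 172.32.1.1 while missing 172.17.1.1, so a crypto ACL written that way protects the wrong set of hosts.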
