setting up a 877 to terminate 2 vpn's nothing else.

Unanswered Question

Trying to setup a 877 to terminate 2 vpns.

it is on a lan.

It connects to a garden variety business grade ADSL over copper service, with a static IP.

It has a tunnel1 to a network

and a tunnel2 to a 192.168.0 network.

what do I need to I have routing from hosts on the local network to the 2 networks connected by vpn?

what do I need to have routing from the hosts on the vpn network back to host on the network.

This router will not be used for internet browsing access.

There is another router on the network ( that is the gateway out.

How do I make sure there is a route for the hosts on the vpn networks to get out to the internet via the vpn then

something like this?

ip route Dialer0

ip route Tunnel2

ip route Tunnel1

What am I missing?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Paolo Bevilacqua Sat, 05/12/2007 - 01:30


you are doing VPN in for of GRE tunlles, not encrypted IPsec?

If so, you just need to configure

router rip

network .... <-- put you tunnel address here)

redistribute connected subnets

The protocol will propagate routes and you will need not to enter any static route.

To have the two routers coexist, I suggest you do the following,

ip route

And on the PCs, set default gateway address as the 877 one.

Hope this helps, please rate post if it does!

The VPN tunnels are GRE over ipsec.

What exsactly does ip route do?

is that saying go to for all ip addresses on all subnets?

don't I have to say go to tunnel1 for first? and tunnel2 for ?

otherwise how do hosts on the network get routed to the hosts on the networks on the other end of the vpn's?

How do I do that?

Paolo Bevilacqua Sun, 05/13/2007 - 08:43


ip route is the default route, that is where to send all packets that are not for other known subnets.

Have you ever heard of routing protocols? With them you do not need to enter as many static routes to say got to, etc.

It is not difficult to use. If you like the idea, look for "configuring rip" on CCO.

The whole point of having GRE over IPSec is to be able to do this kind of things, else a simple basic ipsec configuration would do, without the need for GRE.

If not, then again you will have to configure static routes everywhere telling all routers all the destinations you want to reach and how.

Paolo Bevilacqua Sun, 05/13/2007 - 20:11

That should do it. In this case the config wasn't so necessary, what you wanted to do was clear from the onset.

But thanks for providing it and god luck!


This Discussion