
setting up a 877 to terminate 2 vpn's nothing else.

paul.vickers
Level 1

Trying to setup a 877 to terminate 2 vpns.

It is 192.168.1.15 on a 192.168.1.0 LAN.

It connects to a garden variety business grade ADSL over copper service, with a static IP.

It has a tunnel1 to a 192.168.64.0 network

and a tunnel2 to a 192.168.0 network.

What do I need to have routing from hosts on the local 192.168.1.0 network to the 2 networks connected by VPN?

What do I need to have routing from the hosts on the VPN networks back to hosts on the 192.168.1.0 network?

This router will not be used for internet browsing access.

There is another router on the 192.168.1.0 network (192.168.1.1) that is the gateway out.

How do I make sure there is a route for the hosts on the vpn networks to get out to the internet via the vpn then 192.168.1.1?

Something like this?

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 192.168.8.0 255.255.255.0 Tunnel2

ip route 192.168.64.0 255.255.255.0 Tunnel1

What am I missing?

5 Replies

paolo bevilacqua
Hall of Fame

Hi,

You are doing VPN in the form of GRE tunnels, not encrypted IPsec?

If so, you just need to configure

router rip

network .... <-- (put your tunnel address here)

redistribute connected subnets

The protocol will propagate routes and you will not need to enter any static routes.

To have the two routers coexist, I suggest you do the following,

ip route 0.0.0.0 0.0.0.0 192.168.1.1

And on the PCs, set default gateway address as the 877 one.

Hope this helps, please rate post if it does!

The VPN tunnels are GRE over IPsec.

What exactly does ip route 0.0.0.0 0.0.0.0 192.168.1.1 do?

Is that saying go to 192.168.1.1 for all IP addresses on all subnets?

Don't I have to say go to Tunnel1 for 192.168.64.0 first, and Tunnel2 for 192.168.8.0?

Otherwise, how do hosts on the 192.168.1.0 network get routed to the hosts on the networks on the other end of the VPNs?

How do I do that?

Hi,

ip route 0.0.0.0 0.0.0.0 is the default route, that is where to send all packets that are not for other known subnets.

Have you ever heard of routing protocols? With them you do not need to enter as many static routes to say go to, etc.

It is not difficult to use. If you like the idea, look for "configuring rip" on CCO.

The whole point of having GRE over IPsec is to be able to do this kind of thing, else a simple basic IPsec configuration would do, without the need for GRE.

If not, then again you will have to configure static routes everywhere telling all routers all the destinations you want to reach and how.
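
The route selection discussed above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the static routes from the posts, plus a check that flags remote VPN prefixes whose traffic would fall through to the default route instead of entering a tunnel. The function names and the 10.99.0.0/24 prefix are constructed for illustration; the route lines combine the tunnel routes from the question with the default route suggested in the reply.

```python
import ipaddress

# Static routes from the thread, in IOS "ip route" syntax.
CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.8.0 255.255.255.0 Tunnel2
ip route 192.168.64.0 255.255.255.0 Tunnel1
"""

def parse_routes(text):
    """Parse 'ip route <prefix> <mask> <next-hop>' lines into (network, next_hop)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            routes.append((net, parts[4]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins,
    whatever order the routes were entered in."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def not_tunnelled(routes, vpn_prefixes):
    """Return the VPN prefixes that do not resolve to a Tunnel interface."""
    bad = []
    for prefix in vpn_prefixes:
        net = ipaddress.ip_network(prefix)
        # Checking the first and last address is enough for this small table.
        hops = [lookup(routes, str(a)) for a in (net[0], net[-1])]
        if any(h is None or not h.startswith("Tunnel") for h in hops):
            bad.append(prefix)
    return bad

if __name__ == "__main__":
    table = parse_routes(CONFIG)
    for dest in ("192.168.64.10", "192.168.8.20", "8.8.8.8"):
        print(dest, "->", lookup(table, dest))
    # 10.99.0.0/24 is a constructed remote network with no static route.
    remote = ["192.168.64.0/24", "192.168.8.0/24", "10.99.0.0/24"]
    print("not via tunnel:", not_tunnelled(table, remote))
```

A remote prefix reported by `not_tunnelled` is one whose packets would be handed to 192.168.1.1 rather than sent through the GRE over IPsec tunnel.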

Ok. to avoid any more confusion, I have attached the config so far.

It has been sanitised to remove identifying information of course...

Hopefully, it will do what I want it to do...

Any suggestions or improvements would be appreciated.

That should do it. In this case the config wasn't so necessary, what you wanted to do was clear from the onset.

But thanks for providing it and good luck!
