Setting up VPN Tunnel

Unanswered Question
Sep 11th, 2007
User Badges:

Hi I am attempting to create a VPN tunnel between a 2621 and a cisco 877 ADSL router.

The setup is as below...

[2621](On Site)

fe0/0 has internal class C address

fe0/1 has external /30 address

no nat is used inside this network as all PC's have real IP's

[877] (remote location)

Dialer0 has bt broadband assigned address

I am doing the following...

creating virtual tunnel interfaces on both and assigninng private addresses to each? (Not sure best thing to do here...)

[2621 Setup]

tunnel source = fe0/1 address

tunel destination = 877's dialer0 address

tunnel mode gre ip

no shut

[877 SETUP]

ip address (a private one?)

tunnel source = dialer0 of 877

tunnel destination = fe01 of 2621

tunnel mode gre ip

no shut

Once this is done i thoght I should be able to ping each tunnell interface from the other?

Please can someone help and point me in the righ direction....

(PS I have been following the "Site to Site and Extranet VPN Business Scenarios" doc from Cisco site.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
spremkumar Tue, 09/11/2007 - 21:30
User Badges:
  • Red, 2250 points or more


can you post the output of show run/show ip int brief/show interface tunnel x and also show ip route.


Urfan Khaliq Wed, 09/12/2007 - 01:50
User Badges:


Thanks for the interest, I have however got the VPN tunnel working (I was just making silly mistakes)

However i now need to encrypt the tunnel and am not sure wht is the best and easiest (quicker way) to implement the encryption?

Any ideas anyone?


spremkumar Wed, 09/12/2007 - 02:06
User Badges:
  • Red, 2250 points or more

Hi Urfan

You can refer the below link for more info on configuring up the same...

Instead of configuring and binding the crypto map onto your physical interface you need to attach the same under the logical tunnel interface.

Also make sure that you have your traffic forwarded via the tunnel interface so that they are encrypted end to end.


Urfan Khaliq Wed, 09/12/2007 - 02:27
User Badges:

Hi thanks for that spremkumar, im a little confused as to which document to use...I am trying to implement a shared key between the two by using the crypto isakmp command which seems to work on the 877 but the command is not recognised ni the 2621?

Im not sure why and what else i can do?


This Discussion