09-11-2007 12:47 AM - edited 02-21-2020 03:15 PM
Hi I am attempting to create a VPN tunnel between a 2621 and a cisco 877 ADSL router.
The setup is as below...
[2621](On Site)
fe0/0 has internal class C address
fe0/1 has external /30 address
no nat is used inside this network as all PC's have real IP's
[877] (remote location)
Dialer0 has bt broadband assigned address
I am doing the following...
creating virtual tunnel interfaces on both and assigninng private addresses to each? (Not sure best thing to do here...)
[2621 Setup]
tunnel source = fe0/1 address
tunel destination = 877's dialer0 address
tunnel mode gre ip
no shut
[877 SETUP]
ip address (a private one?)
tunnel source = dialer0 of 877
tunnel destination = fe01 of 2621
tunnel mode gre ip
no shut
Once this is done i thoght I should be able to ping each tunnell interface from the other?
Please can someone help and point me in the righ direction....
(PS I have been following the "Site to Site and Extranet VPN Business Scenarios" doc from Cisco site.
09-11-2007 09:30 PM
hi
can you post the output of show run/show ip int brief/show interface tunnel x and also show ip route.
regds
09-12-2007 01:50 AM
Hi,
Thanks for the interest, I have however got the VPN tunnel working (I was just making silly mistakes)
However i now need to encrypt the tunnel and am not sure wht is the best and easiest (quicker way) to implement the encryption?
Any ideas anyone?
Urfan
09-12-2007 02:06 AM
Hi Urfan
You can refer the below link for more info on configuring up the same...
Instead of configuring and binding the crypto map onto your physical interface you need to attach the same under the logical tunnel interface.
Also make sure that you have your traffic forwarded via the tunnel interface so that they are encrypted end to end.
http://cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor17
regds
09-12-2007 02:27 AM
Hi thanks for that spremkumar, im a little confused as to which document to use...I am trying to implement a shared key between the two by using the crypto isakmp command which seems to work on the 877 but the command is not recognised ni the 2621?
Im not sure why and what else i can do?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: