10-04-2007 11:18 AM - edited 03-05-2019 06:53 PM
Is it possible to set up a VPN with the same subnet at both ends? For example, router 1 FA0/0 interface IP address 10.1.1.10 255.255.255.0, serial interface 192.168.100.1 255.255.255.0. Router 2 FA0/0 interface 10.1.1.20 255.255.255.0, serial interface 192.168.100.2 255.255.255.0. I need to connect the 10.1.1.x subnet through the 192.168.100.x link to connect a remote office to the main office.
Any help will be greatly appreciated.
Jim
10-04-2007 11:21 AM
Hi Jim
Yes, you can do this. Attached is a document that will take you through it step by step.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml
HTH
Jon
10-04-2007 11:30 AM
Jon,
Thank you VERY much. Sorry I didn't have much time to look this up myself. I'm under the gun here.
I'll let you know how it goes.
10-04-2007 11:46 AM
Jim
No problem. I've used IPSEC config docs quite a few times myself so i'm familiar with where to look.
Hope it goes okay.
Jon
10-04-2007 11:37 AM
Jim,
I just edited the post in which I had stated that you can't do IPSEC when overlapping addresses are in use. Though it's true in a straightforward scenario because of reasons I cited. However, Jon has posted a link that offers a workaround (NAT w/IPSEC) to this problem.
Good Luck!!
Jon that's a good link you have provided.
HTH
Sundar
10-04-2007 02:36 PM
The crypto command doesn't seem to be a recognized command in global, or any, mode. I'm using a 2621 router with software version 12.3(17a).
10-04-2007 02:58 PM
You probably do not have a crypto image, it would have k9 embedded in the filename of the IOS, running in the router to do IPSEC. Use software advisor on CCO to select the IOS that supports IPSEC functionality. Here's one that supports IPSEC c2600-jk9s-mz.12.2-46a.
HTH
Sundar
10-04-2007 06:43 PM
Thank you Sundar. I'll continue with this tomorrow when I get back to the office.
10-04-2007 07:40 PM
Hi Jim,
If I recall, and someone correct me if I am wrong. But you will need to have a 2600XM router to support the k9 IOS's. This is due to the memory restrictions on the 2600 routers. They only support a max of 16/64 flash/dram. You will need a 2600XM router in order to upgrade the memory that will be required to download the newer IOS images that support the crypto command set.
hth
Tim
10-05-2007 06:41 AM
Don't have those. Does anybody else have any suggestions?
This whole exercise is an attempt to manage routers across a serial link from a single point of contact. Both sides of the link are on a 10.1.1.x network because of a wireless mesh configuration.
10-05-2007 10:29 AM
Actually 2621 supports up to 32mb flash. Even if you only have a 16mb flash card there's a workaround available to run a crypto image. Check out this link for the workaround.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_field_notice09186a008040c94d.shtml
HTH
Sundar
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: