Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
0
Helpful
2
Replies

three WAN cct

anitachoi3
Level 1
Level 1

‎12-09-2007 06:02 AM - edited ‎03-03-2019 07:51 PM

Hi,

we have three WAN ccts (6M ADSL, 10M ethernet and E1 IPLC). all of themn are connected to 4700. I will build the vpn between HK and TW. Also, we have one IPLC between HK and TW.

following is the ip address allocation

1. 192.168.16.0/22 in HK HQ

2. 192.168.132.0/22 in TST

3. 192.168.196.0/22 in TW

I would like to achieve those services, all traffic access destination IP:

1. 192.168.196.0/24 must via IPLC

2. 192.168.197.0/24 must via VPN

3. 192.168.198.0/24, some goes iplc some goes vpn

and

4. 192.168.16.128/25 access 192.168.196.0/24 must go VPN (not IPLC)

5. 192.168.133.128/25 access 192.168.196.0/24 must go VPN (not IPLC)

what config can achieve item 4 and 5 requirement? pls advise

regards,

! router config:

!

crypto isakmp key xxxxx address 152.x.x.x

!

crypto ipsec transform-set myset esp-des esp-md5-hmac

!

crypto map mymap local-address FastEthernet1

!

crypto map mymap 120 ipsec-isakmp

description vpn to TW

set peer 152.x.x.x

set transform-set myset

match address 120

!

access-list 120 permit ip 192.168.16.0 0.0.3.255 192.168.196.0 0.0.3.255

access-list 120 permit ip 192.168.132.0 0.0.3.255 192.168.196.0 0.0.3.255

!

interface FastEthernet 0.1

description to 10M ethernet to TST

ip address 192.168.128.1 255.255.255.252

ip nat inside

!

interface FastEthernet 0.2

description to user segment

ip address 192.168.16.1 255.255.255.0

ip address 192.168.17.1 255.255.255.0 sec

ip address 192.168.18.1 255.255.255.0 sec

ip address 192.168.19.1 255.255.255.0 sec

ip nat inside

!

interface FastEthernet 1

description to PCCW ADSL (VPN service)

ip address 218.x.x.x 255.255.255.254

ip nat outside

crypto map mymap

!

interface serial 0

description to TW

ip address 192.168.192.1 255.255.255.252

!

ip nat pool NAT 218.x.x.x 218.x.x.x netmask 255.255.255.254

ip nat inside source route-map VPN_nonat interface FastEthernet1 overload

!

route-map VPN_nonat permit 10

match ip address 150

!

access-list 150 deny ip 192.168.16.0 0.0.3.255 192.168.196.0 0.0.3.255

access-list 150 deny ip 192.168.132.0 0.0.3.255 192.168.196.0 0.0.3.255

access-list 150 permit ip 192.168.16.0 0.0.3.255 any

access-list 150 permit ip 192.168.132.0 0.0.3.255 any

!

! go iplc

ip route 192.168.196.0 255.255.255.0 serial 0

!

! some go iplc

ip route 192.168.198.110 255.255.255.255 serial 0

ip route 192.168.198.153 255.255.255.255 serial 0

ip route 192.168.198.166 255.255.255.255 serial 0

ip route 192.168.198.248 255.255.255.248 serial 0

!

! other traffic should go VPN

Labels:
0 Helpful
2 Replies 2

aghaznavi
Level 5
Level 5

‎12-17-2007 06:11 AM

Implement IPsec tunnel between 192.168.16.128/25 and 192.168.196.0/24 and also 192.168.133.128/25 and 192.168.196.0/24 . If you are not familiar the steps use the SDM for configuration.

0 Helpful

anitachoi3
Level 1
Level 1
In response to aghaznavi

‎12-20-2007 09:04 AM

I should build VPN

the first is 192.168.16.0 - 192.168.196.0

and ipsec tunnel

the second is 192.168.16.128 - 192.168.196.0

any sample of ipsec tunnel config?

rgds

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card