09-17-2008 01:02 AM - edited 03-09-2019 09:29 PM
Hi,
I have 2 Cisco 877 DSL routers. I want to practise creating a VPN between each other, apart form buying to ADSL lines is there are way I can "spoof" this?
Thanks
09-17-2008 05:54 AM
Andy,
Follow the instructions in the below link:-
http://www.cisco.com/en/US/tech/tk175/tk274/technologies_configuration_example09186a0080135834.shtml
HTH>
09-17-2008 05:58 AM
see previous post for more information and troubleshooting:-
HTH>
09-17-2008 11:13 AM
Thanks.
Damn I don't have SDSL ports. Below is my home lab kit, can you see by lookingat them if I can create a VPN locally.
1 x Pix515
1 x Cisco 2620 with 2 x WIC-1T
1 x 2950 24 port switch
1 x 1600
1 x 1721 sadly no power supply
2 x 837 ADSL router
09-17-2008 12:05 PM
Yes - One router has to have a crypto image.
I would create a "internet vlan" in the 2950.
Attach one 1 the routers (Internet Router) into the internet vlan and give the Eth or FE IP address of 1.1.1.1/8
Connect the PIX515 (Firewall 1) into the internet vlan and give the outside interface an IP of 1.1.2.1/8 with a default route pointing to 1.1.1.1
Create another vlan called "sitea" and connect the pix inside interface into it and give it an IP of 192.168.1.1/24. Connect another router (Router 1) to the "sitea" vlan and give the ewth or FE an IP address of 192.168.1.2/24
The router with the crypto image (Router 2)- connect it's eth or fe to the "internet vlan" and give it an IP address of 1.1.3.1/8 with a default route pointing to 1.1.1.1. Create a loopback interface say 0 with an IP address of 192.168.2.1/24
Then create the VPN between Router 2 and the PIX. The VPN src from Router 2 is the loopback0 IP network (192.168.2.0/24) , and the src from Router 1 is the FE IP network (192.168.1.0/24)
Just spit balling - try it out, then troubleshoot it if it does not work first time around (good excercise!)
HTH>
09-17-2008 12:27 PM
Wow! I will need some time to set this up. What router would be best for the crypto image? And how do I add a loopback?
So this is creating a VPN between 2 routers and not the Pix?
09-17-2008 02:41 PM
The router with a large enough flash and enough memory to run the image - the IOS download tool will tell you that.
The loopback config is easy:-
interface loopback 0
ip address x.x.x.x y.y.y.y
x.x.x.x = ip address
y.y.y.y = subnet mask
NO - this is creating a VPN between the PIX and Router 2.
As I think most of the routing devices you have only have 1 ethernet interface, it's quite limiting. But the PIX has 2 interfaces, inside and outside - so the VPN terminates on the outside interface and the un-encrypted traffic passes thru the inside to router 1.
Router 2 sadly has the VPN and LAN access on the same device - if you had a router with 2 LAN interfaces the desing would be different....you could then setup a vlan calles "siteb" then connect 1 interface from that router into the "internet vlan" and the other interface into the "siteb vlan", THEN connect ANOTHER router (router 3) into the "siteb" vlan to be the layer 3 routing device for that lab site.
Happy testing.
HTH>
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: