Thanks for that kwillacey. Could you elaborate on that a bit more? An example config would be helpful? Never come across that before in ios.

Would it be any better using one with the adsl directly connected or is the bridging not a big issue?

Also any example configs for the gre tunnels and options for encryption would be really usefull.

TIA

Urfan

The bridging should not be a big issue as long as you know how to do it on the DSL modem that you have, but I have always preferred having the DSL line directly connected to the router and do all the configurations myself.

The link below will show you how to configure the dynamic to static VPN.

http://www.cisco.com/en/US/tech/tk583/tk37/technologies_configuration_example09186a0080093f86.shtml

Why would you need GRE? Are you planning to do routing across the VPN? If that's the case you could try DVTIs they work well.

Yeh I am planning on running a routing protocol between both sites so I can have PC's in the remote site be connected to the active directory/exchange in the office.

Once set up the PC at remote site should be connected to the AD/Exchange all the time making it no different to the office, so i would imagine a routing protocol needs to be run to allow the two sites to be in contact all the time.

PS the link does not work

Oh sorry about that

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

If you just want the tunnel to be up all the time there are other ways to accomplish that, but unless the router is not the default gateway and you have multiple subnets at the branch then I don't think you would need routing.

Even then just having a default route that points to your Internet router, whether it be on your core switch or any other switch or router behind the Internet router, would be enough.

Im not sure if im making myself very clear...What I am attempting is this...

Office has ADSL and the exchange server and 3 client PC's (small office and network)...I would have an 800 series as the default gateway for everything in the office to the outside world...

I also have an 800 series at home with my one pc at home, that one pc needs to be a part of the same windows domain and active directory set up on the server in the office...

What I thought is that the PC at home will have a default gateway (to get to the general Internet etc) of the 800 series and also have a route to the office server via the tunnell...

So I would need to have a different subnet in the home to the one in the office (so the 800 series at home can distinguish between traffic for the office and traffic that stays in the house?)

so example would be 192.168.1.0/24 in the office and 192.168.2.0/24 at home. I see what you mean though about using a static route that simply points 192.168.1.0/24 out the tunnell from home and vice versa from the office to home, (and everything else out the DSL port)

If a GRE tunnell isnt the only option, any ideas what else I could use?

Thanks for helping

Urfan

I get what you're saying but you still don't need GRE to facilitate dynamic routing to accomplish that, the default static route pointing to the Internet on both routers will be fine.

Assuming your home network will have the dynamic public IP and your office will have the static public IP, the VPN connection can only be initiated from the home network.

So what will happen is your PC at home '192.168.2.2' will try to contact the server at the office '192.168.1.2' that traffic will be sent to the default gateway on the PC '192.168.2.1' which is the router.

The router will realize, based on the crypto map, that this traffic must be encrypted and sent across the VPN, if everything is configured properly the tunnel will come up, and traffic will be sent over the tunnel via the default route on the router pointing to the Internet.

When the traffic reaches the other end it will be the same scenario in reverse. All traffic that hits the router not destined for the LAN for which that router is apart of will be sent out the Internet and if the traffic matches the crypto map it will be sent over the VPN. So a regular site to site VPN is all you need.

Hope that helps.

Ok cool, I get what you mean...I also have a static IP at home as well as the office. Can you explain or point me towards where I can find the difference between GRE tunnel and a site to site VPN?

Also an example config would be VERY usefull! :-)

Urfan

This should be a better link to configure your site to site.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml

This will link you to information on GRE.

http://www.cisco.com/en/US/tech/tk827/tk369/tk287/tsd_technology_support_sub-protocol_home.html

The simple explanation is multicast can't go across a VPN tunnel which routing protocols use to form relationships.

Hope this helps.