Adding a 3rd site to existing 876 VPN routers

Unanswered Question
Feb 10th, 2009

Greetings,

I have 2 876 routers which connect trough a GRE IPsec tunnel. Also the routers by default use the ISDN port as backup in case the DSL fails.

I have 2 questions

a. If a add a 3rd site do i need to configure a separate GRE tunnel/crypto map etc or just add the details of the 3rd site to my existing config?

b. I saw that through SDM i only have the option of inserting the 'dial string' of the remote site. In this scenario i need to configure dialer map for each remote site. Will it work in 876 so that the central site dial to 2 separate destinations?

Please repply if you have any info because i am troubled if i need to keep 876 for my central site or upgrade to 1841 model, which is quite expensive.

many thanks

themis

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JamesLuther Thu, 02/12/2009 - 06:28

Hello,

876 routers support 10 ipsec tunnels so you won't need to upgrade.

To configure the new site then just add it as a seperate VPN tunnel. I imagine you'll want to create a mesh? You can then setup your routing layer to reflect your chosen topology.

Thanks

tnikoletos Fri, 02/20/2009 - 05:02

Greetings and thanks gor your quick reply. I feel puzzled in 2 things.

1.My current tunnel from central to site 1 is in subnet 10.0.0.X /255.255.255.252(i.e 10.0.0.1 and .2)

Can the new tunnel for site 2 be 10.0.0.3-4 or a new subnet e.g. 11.0.0.1-2 is required?

2. I run 'show startup config' and found 2 crypto isakamp policys. See below (i have removed the real ip addresses with x1, x2,x3). How can i check which one is currently used?

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp policy 2

encr 3des

group 2

crypto isakmp key xxxxx address x1

crypto isakmp key xxxxx address x2

crypto isakmp key xxxxx address x3

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to x2

set peer x2

set transform-set ESP-3DES-SHA

match address 100

!

interface Tunnel1

ip address 10.0.0.1 255.255.255.252

qos pre-classify

keepalive 1 3

tunnel source Dialer1

tunnel destination x2

!

!

interface Dialer1

description $FW_OUTSIDE$

ip address xxxxxx 255.255.255.0

ip access-group 107 in

ip nat outside

ip inspect SDM_MEDIUM out

ip virtual-reassembly

encapsulation ppp

dialer pool 2

dialer-group 2

no cdp enable

ppp authentication xxxx

ppp chap hostname xxxxx

ppp chap password 7 xxxxx

ppp pap sent-username xxxxxx password 7 xxxx

crypto map SDM_CMAP_1

I need to do this setup on an already configured router and my experience is basic so please be as descriptive as possible.

Again, thanks for your time :)

regards,

themis

Actions

This Discussion