Site to Site VPN

Feb 28th, 2010

Dear all,

I have a 2811 router with a 2 Mbps internet line in my head office, and a PIX 515e firewall between the LAN and this router.

In another branch of my company, I have a 2811 router with a 1 Mbps internet line, and an ASA 5510 firewall between the LAN and this router.

Also, I have a dedicated 6 Mbps MPLS line connecting the head office with the branch (between the two routers).

Finally, I want to make a site-to-site VPN between the head office and the branch through the internet. How is this to be done, and where: on the router or the firewall?

Thanks a lot for your cooperation.

mopaul Sun, 02/28/2010 - 20:45

You need to configure the VPN on the end device (i.e., close to the internet). To my understanding, you have the following topology:

----ASA----Router---[ Internet]---Router---ASA

If this is true, please refer to the following sample configuration document to configure the VPN on the routers.

Configuring a Router IPsec Tunnel Private-to-Private Network with NAT and a Static

In this configuration example,
--The access-list 101 on R2 is used to define the interesting traffic for VPN.
--The access-list 175 on R2 is used to exempt the VPN interesting traffic from NAT on the router. The keyword "DENY" is used for said purpose.

Similarly, it's done on Router 3 as well.

Note: You need the access-list 175 if you are doing NAT on the router; otherwise it's not required.




