Site to Site VPN

Unanswered Question
Feb 28th, 2010

Dear all,

I have a 2811 router with an internet line of 2 Mbps in my head office and a PIX 515e firewall between the LAN and this router.

In another branch of my company, I have a 2811 router with an internet line of 1 Mbps and an ASA 5510 firewall between the LAN and this router.

Also, I have a dedicated MPLS line of 6 Mbps connecting the head office with the branch (between the two routers).

Finally, I want to make a site-to-site VPN between the head office and the branch through the internet, so how is this to be done, and where: on the router or the firewall?

Thanks a lot for your cooperation.

mopaul Sun, 02/28/2010 - 20:45


Hi,


You need to configure the VPN on the end device (i.e. close to the internet). To my understanding you have the following topology:


----ASA----Router---[ Internet]---Router---ASA


If this is true, please refer to the following sample configuration document link to configure the VPN on the routers.


Configuring a Router IPsec Tunnel Private-to-Private Network with NAT and a Static
www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml

In this configuration example,
--The access-list 101 on R2 is used to define the interesting traffic for VPN.
--The access-list 175 on R2 is used to exempt the VPN interesting traffic from NAT on the router. The keyword "DENY" is used for said purpose.

Similarly, it's done on Router 3 as well.

Note: You need the access-list 175 if you are doing NAT on the router; otherwise it's not required.

HTH....


Regards


M
