Since I obtained my CCNA close to 3 yrs ago, I have finally been given my first real project. I have to set up, from beginning to end, a VPN connection to the internet. Offhand, I assume I need the following:
The information given to me is: a firewall utilizing IPsec, a 10Mb circuit that I can expand as needed.
As we have Cisco gear in our environment, I would like to stay with Cisco, at least for the router.
Any recommended advice would be appreciated, hardware and software.
Point-to-point GRE over IPsec is recommended if it is a point-to-point connection.
You don't need a firewall for this; a router is enough, unless you configure the GRE tunnel on the router, and then you can encrypt with IPsec over the firewall.
GRE tunnels are handy because they allow you to extend a routing protocol over them, for example, and they make IPsec configuration simpler: you just define the packets of the GRE tunnel as interesting traffic.
access-list 102 permit gre host 10.80.20.1 host 10.80.20.254
This can be an access list used to define the crypto map.
If a new IP subnet is defined at one site, you don't need to change the IPsec configuration, as you would need to without using GRE.
Hope to help