Tips for setting up a secure connection to the internet

Answered Question
Mar 30th, 2010

Since I obtained my CCNA close to 3 yrs ago, I have finally been given my first real project... I have to set up, from beginning to end, a VPN connection to the internet. Offhand, I assume I need the following:


Router

Firewall


The information given to me is: firewall utilizing IPSec, a 10Mb circuit that I can expand as needed.


As we have Cisco gear in our environment, I would like to stay with Cisco, at least for the router.


Any recommended advice would be appreciated, hardware and software.


thanks


r davis

Correct Answer by Giuseppe Larosa about 7 years 3 months ago

Hello Rdavis,


Point-to-point GRE over IPSec is recommended if it is a point-to-point connection:


http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/1_p2pGRE_Phase2.html


You don't need a firewall for this; a router is enough, unless you configure the GRE tunnel on the router and then you can encrypt with IPSec over the firewall.


GRE tunnels are handy because they allow you to extend a routing protocol over them, for example, and make IPsec configuration simpler: you just define the packets of the GRE tunnel as interesting traffic.


access-list 102 permit gre host 10.80.20.1 host 10.80.20.254


This can be an access-list used to define the crypto map.


If a new IP subnet is defined in one site, you don't need to change the IPSec configuration as you would need to without using GRE.


Hope to help

Giuseppe



Cisco will donate $1 to  the Red Cross Haiti fund for every rated post!

https://supportforums.cisco.com/docs/DOC-8727

Giuseppe Larosa Tue, 03/30/2010 - 05:10

davisr651 Tue, 04/06/2010 - 08:18

Thank you ... I will read the link you provided....


rob davis

davisr651 Tue, 04/06/2010 - 10:19

We are moving from ANX connectivity into our supplier, where we will have about 20 tunnels at a time. Will GRE suffice?
