I need to set up a site to site vpn between 2 cisoc 1811 routers. My understanding is it will work something like this:
There are 2 networks (A and B) A has an ip range of 10.10.11.xx and B has an ip range of 10.10.12.xx the site to site vpn will allow users in network A to pin( and use resources) from network B and vice versa. So my question is how do I set that up using the CCP (as I don't really understand the command line yet)
What do I put in the first box where it says select the interface for this vpn connection. My options are FastEthernet0 or Vlan. FE0 is where the internet is comming in and Vlan1 is the dhcp addresses.
I understand the next part about peer identity and authencation (here I enter in the static IP from my ISP and the pre shared key)
Then I get to the traffic to encrypt step. What do I put in the box where it says source? Again my options are FastEthernet0 and Vlan1. Then what do I put in the destination boxes? Is it the static ip assigned by my isp, along with the subnet, or is it the ip range I set up 10.10.12.xx or 10.10.11.xx?
One more question, this one isn't crutial but would be nice to know. Can I connect to one of the networks remotely by SSL vpn (which does work) and use CCP to access the router remotely.
On router A with subnet 10.x.11.0/24 , the source will be 10.x.11.0 255.255.255.0 and destination will be 10.x.12.0 255.255.255.0
On router B with subnet 10.x.12.0/24 , the source will be 10.x.12.0 255.255.255.0 and destionation will be 10.x.11.0 255.255.255.0 , not sure if ios needs wildcards or subnets for acl but you can always verify that. also, these are called crypto acl's and they distinguish the traffic that needs to be encrypted before sending it out using ipsec.
also , It is always better to use CLI then GUI and i agree with that part