How to set up a site to site VPN between 2 Cisco 1811 routers

jsandau
Level 1

I need to set up a site to site VPN between 2 Cisco 1811 routers. My understanding is it will work something like this:

There are 2 networks (A and B). A has an IP range of 10.10.11.xx and B has an IP range of 10.10.12.xx. The site to site VPN will allow users in network A to ping (and use resources) from network B and vice versa. So my question is: how do I set that up using the CCP (as I don't really understand the command line yet)?

What do I put in the first box where it says select the interface for this VPN connection? My options are FastEthernet0 or Vlan1. FE0 is where the internet is coming in and Vlan1 is the DHCP addresses.

I understand the next part about peer identity and authentication (here I enter the static IP from my ISP and the pre-shared key).

Then I get to the traffic to encrypt step. What do I put in the box where it says source? Again my options are FastEthernet0 and Vlan1. Then what do I put in the destination boxes? Is it the static ip assigned by my isp, along with the subnet, or is it the ip range I set up 10.10.12.xx or 10.10.11.xx?

One more question, this one isn't crucial but would be nice to know. Can I connect to one of the networks remotely by SSL VPN (which does work) and use CCP to access the router remotely?

1 Accepted Solution

Accepted Solutions

On router A with subnet 10.x.11.0/24, the source will be 10.x.11.0 255.255.255.0 and the destination will be 10.x.12.0 255.255.255.0.

On router B with subnet 10.x.12.0/24, the source will be 10.x.12.0 255.255.255.0 and the destination will be 10.x.11.0 255.255.255.0. Not sure if IOS needs wildcards or subnets for the ACL, but you can always verify that. Also, these are called crypto ACLs, and they distinguish the traffic that needs to be encrypted before sending it out using IPsec.

Also, it is always better to use the CLI than the GUI, and I agree with that part.

Thanks

Manish

9 Replies

paolo bevilacqua
Hall of Fame

Do you need encrypted traffic, or is clear traffic OK?

Do you have static or dynamic addresses?

The traffic should be encrypted and I have static IP address assigned by my ISP.

Check:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

You can also set the transform to be null encryption with LZS compression, for a good bandwidth saving.

Thanks, but that article gets into the command line a lot. I'm pretty new to Cisco routers and don't really understand the command line yet, so I was hoping to set up the site to site VPN via the Cisco Configuration Professional.

I would advise you against using any GUI when it comes to getting professional results from Cisco routers.

OK, that's good. But in the first box that says select the interface for this VPN connection I have two choices, Vlan1 and FastEthernet0. Which one do I pick?

While it probably is better to configure it with the CLI, I don't have time right now to learn the CLI (management wants this VPN set up soon), so for now I'll use the GUI and learn the CLI when I have time.

I would say FastEthernet0. Try to configure it with that GUI; if it works, then fine. Otherwise post the sh run of both the routers and we can then resolve the problem faster by looking at the configuration.

Remove passwords and public IPs, like this example: 4.2.2.2 x.x.2.2.

Thanks

Manish

Thanks. The VPN is working now.
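
The setup this thread arrives at, written out as IOS CLI for both routers. This is an added example, not a configuration posted by anyone in the thread. It assumes IKEv1 with a pre-shared key and an IOS image that offers AES-256 and DH group 14; the public addresses, the key placeholder and the S2S-* names are constructed. IOS extended ACLs take wildcard masks, so the /24 is written 0.0.0.255.

```cisco
! Constructed values: 198.51.100.1 = Router A public IP, 203.0.113.1 = Router B
! public IP, PRE_SHARED_KEY_PLACEHOLDER = the shared secret (same on both sides).
!
! ===== Router A (LAN 10.10.11.0/24) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key PRE_SHARED_KEY_PLACEHOLDER address 203.0.113.1
crypto ipsec transform-set S2S-SET esp-aes 256 esp-sha-hmac
!
! Crypto ACL: local LAN as source, remote LAN as destination
ip access-list extended S2S-CRYPTO
 permit ip 10.10.11.0 0.0.0.255 10.10.12.0 0.0.0.255
!
crypto map S2S-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set S2S-SET
 match address S2S-CRYPTO
!
! The crypto map is applied to the Internet-facing interface, not Vlan1
interface FastEthernet0
 crypto map S2S-MAP
!
! ===== Router B (LAN 10.10.12.0/24) =====
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key PRE_SHARED_KEY_PLACEHOLDER address 198.51.100.1
crypto ipsec transform-set S2S-SET esp-aes 256 esp-sha-hmac
!
! Exact mirror of Router A's crypto ACL (source and destination swapped)
ip access-list extended S2S-CRYPTO
 permit ip 10.10.12.0 0.0.0.255 10.10.11.0 0.0.0.255
!
crypto map S2S-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set S2S-SET
 match address S2S-CRYPTO
!
interface FastEthernet0
 crypto map S2S-MAP
```

If either router also does NAT overload on FastEthernet0, the same LAN-to-LAN traffic has to be excluded from the NAT rule, because translation happens before the packet is compared against the crypto ACL. `show crypto isakmp sa` and `show crypto ipsec sa` confirm whether the tunnel came up and whether packets are being encrypted.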
