08-26-2010 03:48 PM - edited 03-04-2019 09:34 AM
I need to set up a site-to-site VPN between 2 Cisco 1811 routers. My understanding is it will work something like this:
There are 2 networks (A and B). A has an IP range of 10.10.11.xx and B has an IP range of 10.10.12.xx. The site-to-site VPN will allow users in network A to ping (and use resources) from network B and vice versa. So my question is how do I set that up using the CCP (as I don't really understand the command line yet)?
What do I put in the first box where it says select the interface for this VPN connection? My options are FastEthernet0 or Vlan. FE0 is where the internet is coming in and Vlan1 is the DHCP addresses.
I understand the next part about peer identity and authentication (here I enter in the static IP from my ISP and the pre-shared key).
Then I get to the traffic to encrypt step. What do I put in the box where it says source? Again my options are FastEthernet0 and Vlan1. Then what do I put in the destination boxes? Is it the static IP assigned by my ISP, along with the subnet, or is it the IP range I set up, 10.10.12.xx or 10.10.11.xx?
One more question, this one isn't crucial but would be nice to know. Can I connect to one of the networks remotely by SSL VPN (which does work) and use CCP to access the router remotely?
08-26-2010 03:57 PM
Do you need encrypted traffic, or is clear traffic OK?
Do you have static or dynamic addresses?
08-27-2010 07:00 AM
The traffic should be encrypted and I have static IP address assigned by my ISP.
08-27-2010 12:49 PM
Check:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml
You can also set the transform to be null encryption with LZS compression, for a good bandwidth saving.
08-27-2010 01:39 PM
Thanks, but that article gets into the command line a lot. I'm pretty new to Cisco routers and don't really understand the command line yet, so I was hoping to set up the site-to-site VPN via the Cisco Configuration Professional.
08-27-2010 01:44 PM
I would advise you against using any GUI when it comes to getting professional results from Cisco routers.
08-27-2010 02:13 PM
On router A with subnet 10.x.11.0/24, the source will be 10.x.11.0 255.255.255.0 and the destination will be 10.x.12.0 255.255.255.0.
On router B with subnet 10.x.12.0/24, the source will be 10.x.12.0 255.255.255.0 and the destination will be 10.x.11.0 255.255.255.0. Not sure if IOS needs wildcards or subnets for ACLs, but you can always verify that. Also, these are called crypto ACLs, and they distinguish the traffic that needs to be encrypted before sending it out using IPsec.
Also, it is always better to use the CLI than the GUI, and I agree with that part.
Thanks
Manish
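The mirrored crypto ACLs described in the reply above, as a check that can be run over the ACL lines copied from each router's `sh run`. This is an added example, not part of the original thread: IOS extended ACLs take wildcard (inverse) masks, so a /24 is written `0.0.0.255`, and the ACL number 100 and the sample lines are constructed from the two LAN ranges in the question.

```python
import ipaddress
import re

# Matches "permit ip <src> <src-wildcard> <dst> <dst-wildcard>" on one line.
# The "host" and "any" keywords are out of scope for this sketch.
ACL_RE = re.compile(r"permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def wildcard_to_network(addr, wildcard):
    """Convert an address/wildcard pair to an IPv4Network.

    Raises ValueError when the mask is not a contiguous wildcard, which is
    what happens when a subnet mask such as 255.255.255.0 is typed instead.
    """
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    prefix = bin(inverted).count("1")
    if inverted != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"{wildcard} is not a wildcard mask (subnet mask used?)")
    return ipaddress.ip_network(f"{addr}/{prefix}")  # also rejects host bits

def parse_crypto_acl(config_text):
    """Return the set of (source, destination) networks the ACL protects."""
    entries = set()
    for line in config_text.splitlines():
        m = ACL_RE.search(line)
        if m:
            entries.add((wildcard_to_network(m[1], m[2]),
                         wildcard_to_network(m[3], m[4])))
    return entries

def mirror_problems(router_a_cfg, router_b_cfg):
    """List entries that lack a swapped source/destination twin on the peer."""
    a, b = parse_crypto_acl(router_a_cfg), parse_crypto_acl(router_b_cfg)
    expected_b = {(dst, src) for src, dst in a}
    problems = [f"router B is missing {s} -> {d}" for s, d in sorted(expected_b - b)]
    problems += [f"router A is missing {d} -> {s}" for s, d in sorted(b - expected_b)]
    return problems

# Constructed sample lines, using the two LAN ranges from the question.
ROUTER_A = "access-list 100 permit ip 10.10.11.0 0.0.0.255 10.10.12.0 0.0.0.255"
ROUTER_B = "access-list 100 permit ip 10.10.12.0 0.0.0.255 10.10.11.0 0.0.0.255"
ROUTER_B_SUBNET_MASK = "access-list 100 permit ip 10.10.12.0 255.255.255.0 10.10.11.0 255.255.255.0"

if __name__ == "__main__":
    print(mirror_problems(ROUTER_A, ROUTER_B) or "crypto ACLs mirror each other")
```

An empty list means each router encrypts exactly the traffic the other expects to decrypt; any entry without a mirror is traffic that one side would send without a matching selector on the peer.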
08-27-2010 02:38 PM
OK, that's good. But in the first box that says select this interface for this VPN connection I have two choices, Vlan1 and FastEthernet0. Which one do I pick?
While it probably is better to configure it with the CLI, I don't have time right now to learn the CLI (management wants this VPN set up soon), so for now I'll use the GUI and learn the CLI when I have time.
08-27-2010 02:47 PM
I would say FastEthernet0. Try to configure it with that GUI. If it works, then fine; otherwise post the sh run of both the routers and we can then resolve the problem faster by looking at the configuration.
Remove passwords and public IPs, like this example: 4.2.2.2 -> x.x.2.2.
Thanks
Manish
08-27-2010 03:45 PM
Thanks. The VPN is working now.