Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VPN - newbie

Unanswered Question
Apr 23rd, 2002
User Badges:

Hello, I am new to VPN. I need to establish a VPN between 2 locations, 1end is a 1602R w/IP/IPX/AT/IBM/FW PLUS IPSEC 56; other end is 2620 w/Enterprise/FW Plus IPsec 56. I need to pass IPX as well as IP. The 2620 is currently running IP NAT overload, along w/ a couple static mappings, and an IP access list w/several rules.

1. Will this equip./sofware handle VPN ? ( I think yes )

2. Will we see a dramatic slow-down ? ( Some, depending on # users )

3. How can I determine the amount of memory needed ?

4. Will NAT and IP security still function ?

My understanding of VPN is limited to "you need to establish an IPSec tunnel".

I am also not clear on the GRE for ipx traffic. I believe I'm trying to setup a 'router to router' tunnel and then configure the protocol ??

I don't mind reading and learning, but am I barking up the wrong tree ?


Chris Byrnes

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gmiiller Tue, 04/23/2002 - 18:30
User Badges:

Okay, if you need to have IPX traffic tunnelled across your vpn, GRE tunnels are your only option. You don't have to encrypt the GRE tunnel, but if you do, you will need to create a crypto map that will encrypt all gre traffic from router a to router b, and then apply that crypto map to the relevant physical interface as well as the relevant logical (tunnel) interface. Becuase the GRE tunnel is an interface of sorts, you can have it as a nat outside/inside or not part of the nat arrangement at all. Configur ip and ipx on the tunnel interfaces to suit and you're done.

c.byrnes Wed, 04/24/2002 - 06:27
User Badges:

Thanks for the reply. I'm still not sure I have enough memory for the GRE/VPN application, and I'm really not clear on the tunnel setup. From your response, I gather that I will set up a GRE tunnel, and that the IPSec piece is the encryption. I'm also guessing that the tunnel is a logical interface, somewhat like a sub-interface. Any good docs you can point me to ?

Thanks again,

Chris Byrnes


This Discussion