Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN

Is it possible to set up a VPN with the same subnet at both ends? For example, router 1 FA0/0 interface IP address 10.1.1.10 255.255.255.0, serial interface 192.168.100.1 255.255.255.0. Router 2 FA0/0 interface 10.1.1.20 255.255.255.0, serial interface 192.168.100.2 255.255.255.0. I need to connect the 10.1.1.x subnet through the 192.168.100.x link to connect a remote office to the main office.

Any help will be greatly appreciated.

Jim

10 REPLIES
Hall of Fame Super Blue

Re: VPN

Hi Jim

Yes, you can do this. Attached is a document that will take you through it step by step.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml

HTH

Jon

New Member

Re: VPN

Jon,

Thank you VERY much. Sorry I didn't have much time to look this up myself. I'm under the gun here.

I'll let you know how it goes.

Hall of Fame Super Blue

Re: VPN

Jim

No problem. I've used IPSEC config docs quite a few times myself so i'm familiar with where to look.

Hope it goes okay.

Jon

Re: VPN

Jim,

I just edited the post in which I had stated that you can't do IPSEC when overlapping addresses are in use. Though it's true in a straightforward scenario because of reasons I cited. However, Jon has posted a link that offers a workaround (NAT w/IPSEC) to this problem.

Good Luck!!

Jon that's a good link you have provided.

HTH

Sundar

New Member

Re: VPN

The crypto command doesn't seem to be a recognized command in global, or any, mode. I'm using a 2621 router with software version 12.3(17a).

Re: VPN

You probably do not have a crypto image, it would have k9 embedded in the filename of the IOS, running in the router to do IPSEC. Use software advisor on CCO to select the IOS that supports IPSEC functionality. Here's one that supports IPSEC c2600-jk9s-mz.12.2-46a.

HTH

Sundar

New Member

Re: VPN

Thank you Sundar. I'll continue with this tomorrow when I get back to the office.

New Member

Re: VPN

Hi Jim,

If I recall, and someone correct me if I am wrong. But you will need to have a 2600XM router to support the k9 IOS's. This is due to the memory restrictions on the 2600 routers. They only support a max of 16/64 flash/dram. You will need a 2600XM router in order to upgrade the memory that will be required to download the newer IOS images that support the crypto command set.

hth

Tim

New Member

Re: VPN

Don't have those. Does anybody else have any suggestions?

This whole exercise is an attempt to manage routers across a serial link from a single point of contact. Both sides of the link are on a 10.1.1.x network because of a wireless mesh configuration.

Re: VPN

Actually 2621 supports up to 32mb flash. Even if you only have a 16mb flash card there's a workaround available to run a crypto image. Check out this link for the workaround.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_field_notice09186a008040c94d.shtml

HTH

Sundar

156
Views
5
Helpful
10
Replies
CreatePlease to create content