Cisco 2600 to 2600 VPN or Tunnel?

Hello,

I am attempting to determine if the following is possible and if it is, can anyone help me out?

I have two Cisco 2620 routers that are connected via a Frame Relay circuit. I route IP traffic through them as well as VoIP. On "Router1" I have a point-to-point connection to the Internet and on "Router2" I have an ADSL WIC connected to an ISP. What I'd like to do is use the Internet as a "failover" connection so that if my Frame Relay connection ever goes down, I can use the Internet as my "DBU", but instead this wouldn't dial up since it is ADSL and not ISDN or some other dial up scheme.

From all the documentation I've read, I have come up to a dead end. I don't know if I need a PIX firewall or a VPN module in my routers or ? I don't have the funds to purchase much equipment, so I was hoping to do this with the routers I already have. I have found a Cisco document entitled "Cisco - Configuring IPSec with EIGRP and IPX Using GRE Tunneling". While this document comes close to what I'm trying to do, it falls short.

1 REPLY

Re: Cisco 2600 to 2600 VPN or Tunnel?

How does this one sound:

router1

!
int s0/0
 description connection to internet
 ip add 1.1.1.1 255.255.255.0
!
int s0/1
 description connection to frame
 ip add 3.3.3.3 255.255.255.0
!
int tunnel0
 description GRE tunnel over internet
 tunnel source 1.1.1.1
 tunnel destination 2.2.2.2
 ip add 12.12.12.12 255.255.255.0
 bandwidth x or delay x (to make metrics higher than over internet)
!
router eigrp 1
 network 3.0.0.0
 network 12.0.0.0
 network 172.16.0.0
 no auto
 distance 91 12.12.12.13 0.0.0.0 99 (if don't use delay/bandwidth, set admin distance from routes learned from acl 99 on tunnel as 91, higher than frame's default AD of 90)
 or
 offset-list 99 in 20 tunnel0 (if don't use any other method to change routing path, use offset-list to change the delay higher - eg 20)
!
access-list 99 permit 10.0.0.0 0.255.255.255 (your router2's internal networks)

router2

!
int s0/0
 description connection to internet
 ip add 2.2.2.2 255.255.255.0
!
int s0/1
 description connection to frame
 ip add 3.3.3.4 255.255.255.0
!
int tunnel0
 description GRE tunnel over internet
 tunnel source 2.2.2.2
 tunnel destination 1.1.1.1
 ip add 12.12.12.13 255.255.255.0
 bandwidth x or delay x
!
router eigrp 1
 network 3.0.0.0
 network 12.0.0.0
 network 10.0.0.0
 no auto
 distance 91 12.12.12.12 0.0.0.0 99 or offset-list 99 in 20 tunnel0
!
access-list 99 permit 172.16.0.0 0.0.255.255 (your router1's internal networks)

Just make sure delay or bandwidth (the preferred method is delay, not bandwidth, but bandwidth is possible) aren't set too high or the routes won't be placed in the EIGRP topology table (i.e. make sure the routers still see the backup internet routes as feasible successors).

Neither router has a route to the other's public IP (facing the internet) so to reach that tunnel destination, it will send packets over the internet.

Add the IPsec config as needed (only need IOS that supports IPSec, don't need firewall or VPN devices).

Hope it helps.

Steve
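
The reply leaves the IPsec part open, and without it everything in the GRE tunnel (EIGRP updates, data, VoIP) crosses the Internet in cleartext. One way to protect the tunnel between 1.1.1.1 and 2.2.2.2, as an added example that is not part of the original post: the key string is a placeholder, the names GRE-TS and GRE-MAP, ACL number 110 and the algorithm choices are assumptions, and AES needs a crypto-capable IOS image.

```cisco
! ---- router1 (added example; names and key string are placeholders) ----
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 2.2.2.2
!
! Transport mode: GRE already supplies the outer IP header
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
!
! Encrypt only GRE between the two public addresses; EIGRP hellos and
! user traffic ride inside GRE, so they are protected as well
access-list 110 permit gre host 1.1.1.1 host 2.2.2.2
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set GRE-TS
 match address 110
!
int s0/0
 crypto map GRE-MAP
!
! ---- router2 (mirror image of router1) ----
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
crypto isakmp key REPLACE_WITH_SHARED_SECRET address 1.1.1.1
!
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
!
access-list 110 permit gre host 2.2.2.2 host 1.1.1.1
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set GRE-TS
 match address 110
!
int s0/0
 crypto map GRE-MAP
```

Check the result with `show crypto isakmp sa` and `show crypto ipsec sa`; the encaps/decaps counters should rise while EIGRP hellos cross tunnel0. On IOS releases before 12.2(13)T the crypto map also has to be applied to tunnel0.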
