Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Beginner in site to site vpn implementation

can someone tell me a good book to start wid vpn's...


Re: Beginner in site to site vpn implementation

Try the following...

Good luck and hope it helps. Please rate posts if helps your question.

New Member

Re: Beginner in site to site vpn implementation

Hi guyz, i have a couple of queries regarding this technology and how they usually implement.. I may sound stupid but i have no other option but to ask... :-) first of all, i'd like to mention that its our org's best practice that we use two cisco 831 routers at the customer premises and then terminate this at the headend 7206 router in the data centre. we have been sent the bootstrap config to tftp to the 2 c831 routers.

the initial configs for these 2 routers are keyed into the ISC server in data centre. The first C831 acts as a internet screening router and blocks internet attacks. the second router is the router that connects to the LAN segment of the customer network and also acts ad a VPN router. so last night, we tried bringing up the tunnel. first we turned on the screening router. this connected back thru our adsl line to the ISC server in the data centre and downloaded its initial config. then we turned on the vpn router and even this router pulled its initial config from the ISC server. but the certification process failed on vpn router. so a couple of steps were used to figure out what the problem is.

Like checking the clock synchronization. then did a debug crypto pki trans and messages. debug ip http server etc. frm wat we got to knw was dat ip packets r generated from the vpn router, reaches the isc server and on its way back goes to another IP that we r not aware of. does dis hav anything to do with Natting from the ISP side. we r using dynamic addressing from the ISP.

another question i have is, that the configs i was sent includes ip addresses for E0 interface. but there's no E0 interface physicall present on the router. but when i do a sh ip int brief, it shows me E0,E1 and four fast eth interfaces. But physically, only E1 and 4 fast eth's exist. Is this a common thing in this series of routers. could this hav something to do with the problem we r facing? oh im soo confused...

CrearPor favor para crear contenido