Beginner VPN

dcianci
Level 1

I'm looking to do a site-to-site VPN with 2600 routers. For the sake of understanding VPNs better, what should I begin with. I have tutorials on several topics, but all of which assume I have the basic tunnel already created. It seems that GRE might be the first step.

Thanks~

Accepted Solution

jamey
Level 4

You don't need to use GRE tunnels. GRE tunnels are typically used to route other protocols (like IPX) over TCP/IP networks.

A basic Router to Router VPN config:

crypto isakmp policy 1
 authentication pre-share
crypto isakmp key SOMEPASSWORD address IP ADDRESS OF REMOTE PEER
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map myvpn 10 ipsec-isakmp
 set peer IP ADDRESS OF REMOTE PEER
 set transform-set myset
 match address 170
interface X
 ip address x.x.x.x x.x.x.x
 crypto map myvpn
access-list 170 permit ip SOURCE NETWORK DESTINATION NETWORK

The access list 170 should define what traffic will be encrypted.

Be sure to put the crypto map myvpn on the incoming interface of the router (typically the interface connected to the Internet).

Do the same config on the other router (swapping the source network and destination network in the access list 170 appropriately).

Also check out:

http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration

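As an added check on the configuration pattern in the answer above (example code written for this page, not part of the original post and not Cisco tooling): a small Python linter that parses the crypto-map configuration and verifies the cross-references the answer depends on, namely that the map's `set peer` has a matching `crypto isakmp key`, that the transform set and access list it names exist, and that the map is actually applied under an interface. It also flags `esp-des` and `esp-md5-hmac` as legacy algorithms, and `acl_is_mirrored` checks the "swap source and destination on the other router" step. The sample configs are constructed with documentation addresses in place of the answer's placeholders; `ROUTER_A`, `BROKEN`, `ACL_A` and `ACL_B` are all assumptions of this example.

```python
"""Consistency linter for a crypto-map site-to-site IPsec config.
Added example, not Cisco code; the sample configs are constructed (RFC 5737 addresses)."""
from typing import Dict, List, Set, Tuple

# Still accepted by IOS but no longer considered adequate protection.
LEGACY_ALGS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}


def parse_ios(text: str) -> List[Tuple[List[str], List[List[str]]]]:
    """Split IOS config into (top-level command, [sub-commands]); indented lines
    belong to the preceding top-level command, blank lines and '!' are ignored."""
    blocks: List[Tuple[List[str], List[List[str]]]] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.split())
        else:
            blocks.append((raw.split(), []))
    return blocks


def lint_vpn_config(text: str) -> List[str]:
    """Return findings; an empty list means every reference in the crypto map resolves."""
    findings: List[str] = []
    preshare = False
    key_peers: Set[str] = set()
    transform_sets: Dict[str, List[str]] = {}
    acls: Set[str] = set()
    crypto_maps: Dict[str, List[List[str]]] = {}
    applied: Set[str] = set()  # map names found under an 'interface' block

    for cmd, subs in parse_ios(text):
        if cmd[:3] == ["crypto", "isakmp", "policy"]:
            preshare = preshare or ["authentication", "pre-share"] in subs
        elif cmd[:3] == ["crypto", "isakmp", "key"] and "address" in cmd:
            key_peers.add(cmd[cmd.index("address") + 1])
        elif cmd[:3] == ["crypto", "ipsec", "transform-set"]:
            transform_sets[cmd[3]] = cmd[4:]
        elif cmd[:2] == ["crypto", "map"] and "ipsec-isakmp" in cmd:
            crypto_maps[cmd[2]] = subs
        elif cmd[0] == "access-list":
            acls.add(cmd[1])
        elif cmd[0] == "interface":
            applied.update(s[2] for s in subs if s[:2] == ["crypto", "map"])

    for name, algs in transform_sets.items():
        findings += [f"transform-set {name} uses legacy algorithm {a}" for a in algs if a in LEGACY_ALGS]

    for name, subs in crypto_maps.items():
        entry = {" ".join(s[:2]): s[2:] for s in subs}  # e.g. 'set peer' -> ['203.0.113.2']
        peer = entry.get("set peer", [])
        if not peer:
            findings.append(f"crypto map {name} has no 'set peer'")
        elif preshare and peer[0] not in key_peers:
            findings.append(f"crypto map {name} peer {peer[0]} has no matching 'crypto isakmp key'")
        ts = entry.get("set transform-set", ["(none)"])
        if ts[0] not in transform_sets:
            findings.append(f"crypto map {name} references undefined transform-set {ts[0]}")
        acl = entry.get("match address", ["(none)"])
        if acl[0] not in acls:
            findings.append(f"crypto map {name} references missing access-list {acl[0]}")
        if name not in applied:
            findings.append(f"crypto map {name} is not applied to any interface")
    return findings


def _acl_endpoints(words: List[str]) -> List[Tuple[str, str]]:
    """Read (address, wildcard) for source and destination of a 'permit ip' entry."""
    ends: List[Tuple[str, str]] = []
    i = 0
    while i < len(words) and len(ends) < 2:
        if words[i] == "any":
            ends.append(("0.0.0.0", "255.255.255.255"))
            i += 1
        elif words[i] == "host":
            ends.append((words[i + 1], "0.0.0.0"))
            i += 2
        else:
            ends.append((words[i], words[i + 1]))
            i += 2
    return ends


def acl_is_mirrored(entry_a: str, entry_b: str) -> bool:
    """True when the two peers' crypto ACL entries are exact source/destination mirrors."""
    a = _acl_endpoints(entry_a.split()[4:])  # skip 'access-list N permit ip'
    b = _acl_endpoints(entry_b.split()[4:])
    return len(a) == 2 and len(b) == 2 and a[0] == b[1] and a[1] == b[0]


# Constructed sample: the answer's config with its placeholders filled in.
ROUTER_A = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key SOMEPASSWORD address 203.0.113.2
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map myvpn 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set myset
 match address 170
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map myvpn
access-list 170 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
ACL_A = "access-list 170 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255"
ACL_B = "access-list 170 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255"
# Constructed misconfiguration: transform-set name typo and map never applied to the interface.
BROKEN = ROUTER_A.replace("set transform-set myset", "set transform-set mysett").replace(" crypto map myvpn\n", "")

if __name__ == "__main__":
    for label, cfg in (("router A", ROUTER_A), ("broken", BROKEN)):
        print(label, lint_vpn_config(cfg) or "ok")
    print("ACLs mirrored:", acl_is_mirrored(ACL_A, ACL_B))
```

Run it against the `show running-config` output of each router; the only findings on a correctly built pair should be the two legacy-algorithm notes, which is the cue to pick a stronger transform set than the DES/MD5 one in the answer.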

2 Replies

Wonderful. I see what I was missing. Thank you very much. Much more than I expected.

No tunnels per se, but just encrypt traffic. (Which would be a tunnel... :) Big Aha...

Thanks again