Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Long-term VPN solution?

Hello, all...

I'm a VPN beginner interested in setting up a permanent VPN connection between two facilities. I have a 1720 router on one side. Would it be best to assume that a second 1720 router at the other end would provide the best result?

Is it a bad idea to use long-term VPN links?

Also, are there any security pitfalls particular to the 1720 that I have to watch out for in doing this?

Many thanks!

3 REPLIES

Re: Long-term VPN solution?

Hi,

You need to make sure the IOS you are using for the 1720 is supporting VPNs.

This can be checked using "sh ver": the name of the IOS file must include K9 keyword.

The show ver will aslo show the type of encryption available: AES, 3DES.

On the other end you can have any device, from 800 series, 1700 series, 1800 series, 2800 series and so on. You can also have ASAs firewalls.

VPN is fine for the long term, and the AES encryption is considered very secure.

For a build guide:

http://cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

Please rate if this helped.

Regards,

Daniel

New Member

Re: Long-term VPN solution?

Daniel,

I have a question about a long term VPN I'm running, linking two of my sites like this, with a PIX and ASA.

I want it to stay up forever. Do you know if the tunnel absolutely has to renegotiate after a certain number of hours in operation or something like that? We have a server process running across the link to some devices (like a similated serial link). If the network resets, it kills the process.

Hall of Fame Super Gold

Re: Long-term VPN solution?

Sally

It is my understanding that an essential part of the IPSec implementation is the concept of the lifetime of the Security Association and so yes it is essential for the tunnel to renegotiate. In my experience usually the negotiation of a new SA takes place before the existing SA expires and the transition should be transparent. Is that not the case for your VPN?

HTH

Rick

152
Views
10
Helpful
3
Replies
CreatePlease to create content