Here is the situation: We have several branch offices within our organization that are connected to our main building via a 10mb ehternet fiber connections through a county network (they used to be 56k frame). Our main building has a 3620, while the branch offices have 1605s (IOS ver. 12.0(8)). We would like to add VPN to these connections. To add better security and eliminate the NATs (the county was sparse with Ips, so we have to use overloads, which are causing us problems with network trusts). From what I have read so far the only thing additional we would need is a VPN module for the 3620 and a IOS upgrade on the 1605s. Would this be a correct assumption? Or is there more that we would need to make this happen?
Thanks for the info. I have two more questions. First, where could I find info regarding the requirements for a IOS upgrade? and secondly, where could I find router config info on VPN? I found some info on cisco.com, but they usually have examples on their web site, which I can not find.
There are a few more things I'm having trouble understanding. If we create VPN tunnels between routers,can you create "virtual circuits" on a single interface on you main router for vpn, like you would create a point-to-point virtual cricuit for frame-relay?
and once the tunnel is created between two routers, is it like having a dedicated circuit?
The next thing is, are there any service limitations over vpn? Can you have ipx and netbios traffic travel over tunnel with no problems?
Regarding service limitations. Cisco VPN solutions using IPSEC is only suited to TCP/IP. To route IPX/Netbui or even apple-talk, you would have to create a GRE tunnel on your router instead of an IPSEC tunnel.
An established "tunnel" end to end is a dedicated connection.
W.r.t your first Q, YOU can use IPSEC and IKE to establish the various VPN connections on your router serial port. More than one connection is possible, it is all configured in the IOS. BUt make sure you are using TCP/IP. Why would you want to route IPX...Novell works just fine with TCP/IP.
I was just wondering about the IPX. There is an outside office we connect to that uses IPX, but it is the only, and we will probably not use the VPN for it, but I wanted to know either way.
As far as Netbios goes, it is the reason why we are looking into this VPN solution. I just want to make sure that this VPN solution supports all the port ranges for netbios over tcp/ip, especially 135-139 for trust relationships.
Is the GRE tunnel as secure as IPSec, or is that "open"? Or do you have to configure it to be secure?
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...