Cisco Support Community
Community Member

Need help with VPN on a existing network.

Here is the situation: We have several branch offices within our organization that are connected to our main building via 10mb Ethernet fiber connections through a county network (they used to be 56k frame). Our main building has a 3620, while the branch offices have 1605s (IOS ver. 12.0(8)). We would like to add VPN to these connections, to add better security and eliminate the NATs (the county was sparse with IPs, so we have to use overloads, which are causing us problems with network trusts). From what I have read so far, the only additional things we would need are a VPN module for the 3620 and an IOS upgrade on the 1605s. Would this be a correct assumption? Or is there more that we would need to make this happen?

Sorry for the length and thanks in advance.

8 REPLIES
Community Member

Re: Need help with VPN on a existing network.

Both the 3620 and 1605 would only need an IOS upgrade to enable VPN (IPSEC). But you have to check if your DRAM and FLASH on both routers can handle the new IOS; if not... you have to upgrade.

The VPN module for the 3620 is needed if you want to offload the CPU processing of the 3620 to the VPN module. This makes things faster for the 3620.

Community Member

Re: Need help with VPN on a existing network.

Thanks for the info. I have two more questions. First, where could I find info regarding the requirements for an IOS upgrade? And secondly, where could I find router config info on VPN? I found some info on cisco.com, but they usually have examples on their web site, which I cannot find.

Thanks again.

Community Member

Re: Need help with VPN on a existing network.

Community Member

Re: Need help with VPN on a existing network.

Thank you for the info. Unfortunately I do not meet any of the requirements to sign up for that part of the web site. Anyway, I appreciate all your help.

Community Member

Re: Need help with VPN on a existing network.

Community Member

Re: Need help with VPN on a existing network.

There are a few more things I'm having trouble understanding. If we create VPN tunnels between routers, can you create "virtual circuits" on a single interface on your main router for VPN, like you would create a point-to-point virtual circuit for frame-relay?

And once the tunnel is created between two routers, is it like having a dedicated circuit?

The next thing is, are there any service limitations over VPN? Can you have IPX and NetBIOS traffic travel over the tunnel with no problems?

Thanks in advance.

Community Member

Re: Need help with VPN on a existing network.

Regarding service limitations: Cisco VPN solutions using IPSEC are only suited to TCP/IP. To route IPX/NetBEUI or even AppleTalk, you would have to create a GRE tunnel on your router instead of an IPSEC tunnel.

An established "tunnel" end to end is a dedicated connection.

W.r.t. your first Q, you can use IPSEC and IKE to establish the various VPN connections on your router serial port. More than one connection is possible; it is all configured in the IOS. But make sure you are using TCP/IP. Why would you want to route IPX... Novell works just fine with TCP/IP.

Community Member

Re: Need help with VPN on a existing network.

I was just wondering about the IPX. There is an outside office we connect to that uses IPX, but it is the only one, and we will probably not use the VPN for it, but I wanted to know either way.

As far as NetBIOS goes, it is the reason why we are looking into this VPN solution. I just want to make sure that this VPN solution supports all the port ranges for NetBIOS over TCP/IP, especially 135-139 for trust relationships.

Is the GRE tunnel as secure as IPSec, or is that "open"? Or do you have to configure it to be secure?

Thank you.
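
The GRE and IPsec options discussed in this thread can be combined: GRE on its own does no encryption, so the usual pattern is to carry IPX (or other non-IP traffic) inside a GRE tunnel and protect the GRE packets with IPsec. The branch-side sketch below is an added example, not configuration posted by anyone in the thread. The addresses (documentation ranges), names, IPX network number, and key are constructed placeholders, and the algorithm choices assume an IOS image newer than 12.0(8) that offers them.

```cisco
! Constructed example: GRE tunnel protected by IPsec (branch router side).
! 192.0.2.2 = this branch router, 198.51.100.1 = main-site router (placeholders).
!
ipx routing
!
! IKE phase 1: how the two routers authenticate and agree on keys.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
! IPsec phase 2: transport mode is enough because GRE already
! supplies the outer IP header between the two endpoints.
crypto ipsec transform-set GRE-PROT esp-aes 256 esp-sha-hmac
 mode transport
!
! Protect only the GRE packets exchanged by the two tunnel endpoints.
! Anything that leaves this router outside the tunnel is NOT encrypted.
access-list 110 permit gre host 192.0.2.2 host 198.51.100.1
!
crypto map BRANCH-VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-PROT
 match address 110
!
! The tunnel behaves like a point-to-point link; IP and IPX both ride on it.
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 ipx network 1A
 tunnel source 192.0.2.2
 tunnel destination 198.51.100.1
!
! The crypto map goes on the physical interface facing the county network.
interface Ethernet0
 ip address 192.0.2.2 255.255.255.0
 crypto map BRANCH-VPN
```

The main-site router needs the mirror image of this configuration, with one tunnel interface and one crypto map entry per branch. `show crypto ipsec sa` should show encapsulated and decapsulated packet counters rising once traffic crosses the tunnel; counters that stay at zero mean the GRE traffic is leaving unprotected or not matching access-list 110.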
