Cisco Support Community
Community Member

Point to Multipoint VPN

I am looking into doing a point to multipoint VPN using 1760 routers at my remote office and a 2651XM at the central site. My question is, let's say I have 7 remote sites, do I need 7 connections on my 2651? Or can I use just my one external interface? Is there a doc on this?

1 ACCEPTED SOLUTION

Cisco Employee

Re: Point to Multipoint VPN

Hi,

Here are the URLs that explain how to set up IPSec between Hub and Spokes.

http://www.cisco.com/warp/public/707/ios_hub-spoke.html

http://www.cisco.com/warp/public/707/ios_hub_spoke2.html

Regards,

Arul

3 REPLIES
Community Member

Re: Point to Multipoint VPN

Hi,

You only need one external interface at the 2651. I believe there is a document at CCO on how to set up a hub and spoke design with Cisco routers.

Regards,

Engel
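
The single-interface answer above, sketched as an added IOS hub configuration (not from the thread or the linked Cisco documents): one crypto map holds an entry per spoke and is applied once to the external interface. The addresses, the names HUBMAP and HUBSET, the ACL numbers, the interface name and the key placeholders are constructed for illustration, and AES assumes an IOS crypto image that supports it.

```cisco_ios
! Hub (2651XM). Two of the seven spokes are shown; each further spoke
! adds one key line, one crypto map entry and one ACL in the same way.
! All addresses are constructed (documentation ranges), keys are placeholders.
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
! One pre-shared key per spoke, so a single spoke can be re-keyed or revoked
crypto isakmp key <SPOKE1-KEY-PLACEHOLDER> address 198.51.100.1
crypto isakmp key <SPOKE2-KEY-PLACEHOLDER> address 198.51.100.2
!
crypto ipsec transform-set HUBSET esp-aes esp-sha-hmac
!
! One crypto map, one sequence number per spoke peer
crypto map HUBMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set HUBSET
 match address 101
crypto map HUBMAP 20 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set HUBSET
 match address 102
!
! The map is applied once, on the single external interface
interface FastEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map HUBMAP
!
! Traffic selectors: hub LAN to each spoke LAN (constructed subnets)
access-list 101 permit ip 10.0.0.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.0.255 10.1.2.0 0.0.0.255
```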

Cisco Employee

Re: Point to Multipoint VPN

I need to implement much the same but with PIX.

I need to enable VPN access from commuters and personnel from another company.

I need to provide different "profiles" in a way that people from a different company can only access a dedicated server.

At the moment I've implemented the access for the company's remote users, but I'm confused about the further configuration needed for external people.

Following is the configuration made so far:

access-list vpn-nonat permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0

ip local pool VPN-POOL 10.1.0.100-10.1.0.254

nat (inside) 0 access-list vpn-nonat

aaa-server partnerauth protocol radius

aaa-server partnerauth (inside) host 10.0.0.8 aaaaaaaaaa timeout 10

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set my-set esp-des esp-sha-hmac

crypto dynamic-map my-dynmap 10 set transform-set my-set

crypto map my-map 10 ipsec-isakmp dynamic my-dynmap

crypto map my-map client configuration address initiate

crypto map my-map client configuration address respond

crypto map my-map client authentication partnerauth

crypto map my-map interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup VPN address-pool VPN-POOL

vpngroup VPN dns-server 10.0.0.3

vpngroup VPN wins-server 10.0.0.3

vpngroup VPN default-domain xxx.com

vpngroup VPN idle-time 1800

vpngroup VPN password xxxxxxxxxxxxxxxx
