Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN between remote router and headend VPN3000

Is it possible to set up a VPN between a remote router and a headend VPN3000 whereby all traffic (traffic destined for the central office as well as traffic destined for the Internet) from the remote end comes in to the VPN3000.

That is, the remote router will not be split tunneling. I believe this scenario is possible in a router to router setup, but would like to know if it is possible in a router to VPN3000 setup.

Chris

2 REPLIES
Cisco Employee

Re: VPN between remote router and headend VPN3000

This is the 3rd time I've answered this post and my browser keeps locking up when I try to post it, so if it doesn't work this time I give up :-)

Yes, you can do this. Put the Private filter on the Public interface, cause you'll have unencrypted packets coming from the Internet now. Add an Access Control List under the Admin section so that only your internal network can browse to your admin GUI just to be more secure.

On the router your crypto ACl will be something like:

> access-list 100 permit ip 10.1.1.0 0.0.0.255 any

On the 3000 put 0.0.0.0/255.255.255.255 and 10.1.1.0/0.0.0.255 as your Local and Remote Networks respectively in the L2L configuration.

Run 3.5 or higher on the 3000 cause older versions complained about the 0.0.0.0 as a network in the L2L section.

Cisco Employee

Re: VPN between remote router and headend VPN3000

Yeehah, finally.

201
Views
0
Helpful
2
Replies