Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Adding a 3rd site to existing 876 VPN routers

Greetings,

I have 2 876 routers which connect trough a GRE IPsec tunnel. Also the routers by default use the ISDN port as backup in case the DSL fails.

I have 2 questions

a. If a add a 3rd site do i need to configure a separate GRE tunnel/crypto map etc or just add the details of the 3rd site to my existing config?

b. I saw that through SDM i only have the option of inserting the 'dial string' of the remote site. In this scenario i need to configure dialer map for each remote site. Will it work in 876 so that the central site dial to 2 separate destinations?

Please repply if you have any info because i am troubled if i need to keep 876 for my central site or upgrade to 1841 model, which is quite expensive.

many thanks

themis

2 REPLIES
Bronze

Re: Adding a 3rd site to existing 876 VPN routers

Hello,

876 routers support 10 ipsec tunnels so you won't need to upgrade.

To configure the new site then just add it as a seperate VPN tunnel. I imagine you'll want to create a mesh? You can then setup your routing layer to reflect your chosen topology.

Thanks

New Member

Re: Adding a 3rd site to existing 876 VPN routers

Greetings and thanks gor your quick reply. I feel puzzled in 2 things.

1.My current tunnel from central to site 1 is in subnet 10.0.0.X /255.255.255.252(i.e 10.0.0.1 and .2)

Can the new tunnel for site 2 be 10.0.0.3-4 or a new subnet e.g. 11.0.0.1-2 is required?

2. I run 'show startup config' and found 2 crypto isakamp policys. See below (i have removed the real ip addresses with x1, x2,x3). How can i check which one is currently used?

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp policy 2

encr 3des

group 2

crypto isakmp key xxxxx address x1

crypto isakmp key xxxxx address x2

crypto isakmp key xxxxx address x3

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto map SDM_CMAP_1 1 ipsec-isakmp

description Tunnel to x2

set peer x2

set transform-set ESP-3DES-SHA

match address 100

!

interface Tunnel1

ip address 10.0.0.1 255.255.255.252

qos pre-classify

keepalive 1 3

tunnel source Dialer1

tunnel destination x2

!

!

interface Dialer1

description $FW_OUTSIDE$

ip address xxxxxx 255.255.255.0

ip access-group 107 in

ip nat outside

ip inspect SDM_MEDIUM out

ip virtual-reassembly

encapsulation ppp

dialer pool 2

dialer-group 2

no cdp enable

ppp authentication xxxx

ppp chap hostname xxxxx

ppp chap password 7 xxxxx

ppp pap sent-username xxxxxx password 7 xxxx

crypto map SDM_CMAP_1

I need to do this setup on an already configured router and my experience is basic so please be as descriptive as possible.

Again, thanks for your time :)

regards,

themis

117
Views
0
Helpful
2
Replies