Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internet and Remote network

i have one local site with the LAN (172.16.0.0) and local site is connected witht the remote site, both the ends are connected with ADSL and having router at both the site. Remote site having LAN (10.0.0.0) now i want to access the remote LAN hosts as well as internet at the same time from local office...

LAN 172.16.0.0---routerA----ADSL----RouterB---LAN 10.0.0.0

how can i do this?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Internet and Remote network

For GRE Tunnel

Office Router WAN Public IP Address = a.b.c.2, Gateway = a.b.c.1

Remote Router WAN Interface Public IP Address = w.x.y.2, Gateway w.x.y.1

Since you're using 72.16.0.0/12 and 10.0.0.0/8, we will use 192.168.0.0/16 fro Tunnel IP

1. Office

!

interface tunnel0

ip address 192.168.0.1 255.255.255.252

tunnel source a.b.c.2

tunnel destination w.x.y.2

keepalive 5 4

ip mtu 1500

!

ip subnet-zero

!

ip classless

ip route 0.0.0.0 0.0.0.0 a.b.c.1

ip route 10.0.0.0 255.0.0.0 tunnel0

2. Remote

!

interface tunnel0

ip address 192.168.0.2 255.255.255.252

tunnel source w.x.y.2

tunnel destination a.b.c.2

keepalive 5 4

ip mtu 1500

!

ip subnet-zero

!

ip classless

ip route 0.0.0.0 0.0.0.0 w.x.y.1

ip route 172.0.0.0 255.240.0.0 tunnel0

15 REPLIES
Silver

Re: Internet and Remote network

Hi Dave

This link is specific to your requirement

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ef.shtml

HTH

Hoogen

Do rate if this helps out :)

Re: Internet and Remote network

New Member

Re: Internet and Remote network

i want simple configuration

will you please give me some basic confiuration?

Re: Internet and Remote network

1. Does both site (office and remote) has a static assigned Public IP Address from your internet provider(s)?

2. Does both router IOS capable of running IPSEC and or IP GRE?

New Member

Re: Internet and Remote network

yes,

i had only single static public IP address.

and IOS is capable of IP GRE.

New Member

Re: Internet and Remote network

is it possible to establish gre tunnel between both the site and forwarding only private ip address data to the tunnel using static route and for othere internet traffice we can use that default router which is pointing to the real ip of interface or to the default gateway of the isp.

Re: Internet and Remote network

Yes its possible. For example you build a GRE Tunnel0, your routing will be like this

Office (RouterA):

ip route 0.0.0.0 0.0.0.0 ip_address_of_isp_router_facing_routerA

ip route 10.0.0.0 255.0.0.0 Tunnel0

Remote (RouterB):

ip route 0.0.0.0 0.0.0.0 ip_address_of_isp_router_facing_routerB

ip route 172.16.0.0 255.240.0.0 Tunnel0

You can use the link previously provided to build GRE Tunnel, else if you want a configuration sample that suit your environment, we need you to post your configuration (remove confidential information like password, and change the first and second octet of the public ip address to xxx.yyy)

New Member

Re: Internet and Remote network

thank you expert,

right now i am configuring the same using GRE but i thing in LAN switching forum RAJ replied me with IPSEC so i will try to move on it slowly. but your advise help me a lot in configuration thank you very much.

I really appriciate your help and support, i also appriciate all the exper and member of the discussion forum for their knowledge sahring.

thank you very much again

Re: Internet and Remote network

Since your router does not support IPSEC, you can try GRE first. Once its working, you can justify to put some $$$ to upgrade to IOS that support IPSEC so that the tunnel is secure :)

New Member

Re: Internet and Remote network

when confiugring GRE? what ip address i should use to configure the tunnel interface ip address? it must be private ip address and i should use tunnel source as the Global IP address which is already configure to my one the the interface which is facing towards the ISP? am i right or wrong?

please provide me both end solution as well as same for IP sec VPN...

Re: Internet and Remote network

Use as source the wan interface facing internet configured with public ip address of the local router. Use as destination the configured public ip address of the wan interface facing internet of the remote router.

It would be easier if you provide us the configuration of at least the interface facing internet for both routers (including routing configuration) as there is a configuration difference for dsl service for some countries.

New Member

Re: Internet and Remote network

hi medan,

i dont how any configuration but i have to start configure the both end router after two days. so please send me some example's configuration.

Re: Internet and Remote network

For GRE Tunnel

Office Router WAN Public IP Address = a.b.c.2, Gateway = a.b.c.1

Remote Router WAN Interface Public IP Address = w.x.y.2, Gateway w.x.y.1

Since you're using 72.16.0.0/12 and 10.0.0.0/8, we will use 192.168.0.0/16 fro Tunnel IP

1. Office

!

interface tunnel0

ip address 192.168.0.1 255.255.255.252

tunnel source a.b.c.2

tunnel destination w.x.y.2

keepalive 5 4

ip mtu 1500

!

ip subnet-zero

!

ip classless

ip route 0.0.0.0 0.0.0.0 a.b.c.1

ip route 10.0.0.0 255.0.0.0 tunnel0

2. Remote

!

interface tunnel0

ip address 192.168.0.2 255.255.255.252

tunnel source w.x.y.2

tunnel destination a.b.c.2

keepalive 5 4

ip mtu 1500

!

ip subnet-zero

!

ip classless

ip route 0.0.0.0 0.0.0.0 w.x.y.1

ip route 172.0.0.0 255.240.0.0 tunnel0

Re: Internet and Remote network

For IPSEC

When you already have the IOS that is capable of running IPSEC, you need to remove the GRE Tunnel first.

1. Office

!

no interface tunnel0

!

no ip route 10.0.0.0 255.0.0.0 tunnel0

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key trinity address w.x.y.2 no-xauth

!

crypto ipsec transform-set NEO esp-des esp-sha-hmac

!

crypto map TheMatrix 1 ipsec-isakmp

set peer w.x.y.2

set transform-set NEO

set pfs group1

match address 101

!

access-list 101 permit ip 172.16.0.0 0.240.255.255 10.0.0.0 0.255.255.255

!

interface wan_interface_facing_internet

ip address a.b.c.2 255.255.255.252

crypto map TheMatrix

2. Remote

!

no interface tunnel0

!

no ip route 172.16.0.0 255.240.0.0 tunnel0

!

crypto isakmp policy 3

authentication pre-share

!

crypto isakmp key trinity address a.b.c.2 no-xauth

!

crypto ipsec transform-set NEO esp-des esp-sha-hmac

!

crypto map TheMatrix 1 ipsec-isakmp

set peer a.b.c.2

set transform-set NEO

set pfs group1

match address 101

!

access-list 101 permit ip 10.0.0.0 0.255.255.255 172.16.0.0 0.240.255.255

!

interface wan_interface_facing_internet

ip address w.x.y.2 255.255.255.252

crypto map TheMatrix

New Member

Re: Internet and Remote network

i have a question related to this. i have my router setup with an ipSec over GRE tunnel. i want to setup my router to act as a l2tp vpn server without having to remove the tunnels. how can i go about doing that?

-rob

136
Views
32
Helpful
15
Replies
CreatePlease to create content