I am a teleworker. At my home I have an ADSL connection with a modem and a Cisco 871 security bundle router (1 WAN, 4 LAN). I want to configure site-to-site IPsec for accessing corporate data from my PC only, on UTP, and I want other users at my home to access the Internet simultaneously on UTP. I only have one subnet on the LAN, a /24. Should I break the subnet and connect the ADSL LAN port to the router WAN port, then configure IPsec for one /25 and let the other /25 access the Internet? I look forward to a reply with the router configuration and a low-level design. Thanks for the support.
If you are the network administrator, configure the crypto-map ACL so that only traffic for the hub goes into the VPN (split tunnel).
If you are not, contact him/her for assistance.
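One way the split-tunnel crypto-map ACL mentioned above could look on the 871, as an added example that is not part of the original thread. The hub address 203.0.113.1, the corporate range 10.10.0.0/16, the PC address 192.168.1.10, the object names and DHCP addressing on the WAN port are assumptions, and it assumes an ISAKMP policy and pre-shared key matching the hub are already configured.

```cisco
! Added example with constructed values (not from the thread):
!   203.0.113.1    = hub public address (placeholder)
!   10.10.0.0/16   = corporate range (placeholder)
!   192.168.1.10   = the teleworker PC (assumed fixed address)
!
crypto ipsec transform-set HOME-TS esp-aes 256 esp-sha-hmac
!
! Crypto ACL: only the teleworker PC talking to the corporate range
! is selected for encryption. Everything else bypasses the tunnel.
ip access-list extended VPN-TRAFFIC
 permit ip host 192.168.1.10 10.10.0.0 0.0.255.255
!
crypto map HOME-VPN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set HOME-TS
 match address VPN-TRAFFIC
!
! NAT ACL: mirror of the crypto ACL as a deny, so tunnelled traffic
! keeps its private source address; the rest of the LAN is
! translated to the WAN address for direct Internet access.
ip access-list extended NAT-TRAFFIC
 deny   ip host 192.168.1.10 10.10.0.0 0.0.255.255
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list NAT-TRAFFIC interface FastEthernet4 overload
!
! WAN port of the 871, facing the ADSL modem (DHCP is an assumption)
interface FastEthernet4
 ip address dhcp
 ip nat outside
 crypto map HOME-VPN
!
! LAN side: the four switch ports sit in Vlan1
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
```

Once the PC sends traffic to the corporate range, `show crypto ipsec sa` should show the encrypt counters rising, while `show ip nat translations` should list only Internet-bound sessions.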
Thanks, I am the administrator. Can you provide a sample configuration for the remote CPE (871) and the central router (6500 switch)? I will do the necessary configuration at the remote CPE and ask for the configuration at the 6500. I am a newbie and understand little about configuration.
This is a bit beyond beginner's skills so I'd suggest you hire a qualified technician for the job.
Also, you need a router or ASA at the hub; the switch doesn't do this.
Thanks for the input. I will ask my IT staff for the configuration at the ASA / router. As I am a home user, I will not be able to hire anybody. I request that you share the CPE (871) and ASA configuration, and I will try to implement it. The home configuration is as follows:
1. LAN IPs: 192.168.1.0/24
2. WAN IP Public: Dynamic Single IP.
3. Corporate Static WAN IP.
Users on the Internet from my home get the same IP and simultaneous sessions. I believe the ISP has applied PAT at the gateway. I request again that you share the configuration for accessing the Internet directly from the home DSL and for an IPsec site-to-site VPN from the CPE router (871 security bundle).
Hire simply means pay someone to configure and test a network for you.
You evidently have too little networking experience to undertake the task yourself.
If you want ready examples, use the search box in the top right corner, but be prepared to lose many hours due to the reason above.
I see that the frustration for being told things as they are has prevailed over fairness and respect to true professionals, hence the undue rating of "1" to me.
You can go around and around, either study to understand things, or pay others to get things done for you.
You wanted instead an easy way out that doesn't exist.
I never rated you. Thanks for the advice which you gave in the first post about the crypto-map ACL.
It's my home network, so I should carry myself. I will hire if I fail, but I will try first. I never want shortcuts as stated by you: "You wanted instead an easy way out that doesn't exist".
Thanks for support.
Why not just use the Cisco VPN Software client?
I would think long and hard before using a hardware VPN client. Not that I'm against it; I use one (871) myself. With all due respect, if you are not experienced enough to configure / set this up, then you're not in a position to understand the risks of doing so.
Any company that has a clue has a policy against hardware VPN clients. If they do allow it, it's typically a pre-configured / plug-n-play device that sits on your LAN and tunnels through the ISP's modem.