Solved

5300->3600 VPN

Posted on 2002-07-26
Last Modified: 2010-04-17
I have an urgent situation in which I had a block of IPs in a remote location, but now I only have one on the serial interface on the edge. My problem is I still need my PCs and 5300s to be able to access all of the equipment behind the 3600 on the remote end.

Do I have to set up a VPN for this, or is there a way I can set up a private IP block behind the remote 3600 and have the local 5300s route to there via routing commands, somehow knowing to hop off the one private IP I have?
Question by:jason987
 
LVL 79

Expert Comment

by:lrmoore
ID: 7181443
VPN is certainly one way to go. You could use GRE tunnels to do the same thing without the encryption overhead if security is not your main concern.
Either way, you create a virtual "tunnel" between the Remote router's Ethernet interface and your router's Ethernet interface, so the routing of public/private IP addresses goes through the tunnel and not across the internet to get lost.
Without knowing more details, I don't know what else to tell you.
The routing is easily handled with route-maps. I'm assuming that the 3600 is doing some NAT, so you have to build rules to exclude source/destination pairs from being NAT'd before they go through the tunnel...
Using GRE tunnels, all you need is basic IP feature set. IPSEC (encrypting the data inside the tunnel) will require IPSEC feature set everywhere, plus possible memory upgrades, etc.
If it is only two sites, it would be a piece of cake.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7201871
Have any of these comments been of any help to you? Do you need more information?
0
 
LVL 5

Author Comment

by:jason987
ID: 7201888
Yes, it helps in theory, but I looked at the docs and couldn't find an easily workable model.


What I would like to do is this:

network A:  192.168.1.1, external public IP say 1.2.3.4
network B:  external public  1.2.2.1  internals are /24

Object VPN (minimal security) at network A in which I can take part of the 1.2.2.x block and assign them to network B.
0

 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 7201917
Assuming you have internal network 192.168.3.0 / 24 at B..
Internal network A = 192.168.1.x
Tunnel 0 network = 192.168.2.x
Internal network B = 192.168.3.x

http://www.cisco.com/warp/customer/707/quicktip.html

Site A router:

Create a virtual GRE Tunnel between the external interfaces:
!-- This is one end of the GRE tunnel.

interface Tunnel0
ip address 192.168.2.1 255.255.255.0

!-- The far end will be 192.168.2.2/24
!
!-- Associate the tunnel with the physical interface.
!-- Serial 0/1 is the outside interface configured below.
tunnel source Serial0/1
!-- 1.2.2.1 is the outside address of Site B.
tunnel destination 1.2.2.1

!-- This is the inside interface.
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial 0/1
ip address 1.2.3.4 255.255.255.0
ip nat outside
!
!-- Define the NAT pool.
ip nat pool ourpool 1.2.3.10 1.2.3.20 netmask 255.255.255.0
ip nat inside source route-map nonat pool ourpool overload

ip classless
ip route 0.0.0.0 0.0.0.0 1.2.3.5
!
!-- Force the private network traffic into the tunnel.
ip route 192.168.3.0 255.255.255.0 192.168.2.2
no ip http server
!
!
!-- Use access list and route-map to address what to NAT.
access-list 175 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 175 permit ip 192.168.1.0 0.0.0.255 any
!
!-- The route-map addresses what to NAT.
route-map nonat permit 10
match ip address 175
0
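
A way to check which source/destination pairs access-list 175 in the Site A config selects for NAT, added here as an example and not part of the original answer. It models only first-match ACL evaluation with IOS wildcard masks; it does not model the separate requirement that a packet cross from an `ip nat inside` to an `ip nat outside` interface, and the sample flows are constructed.

```python
import ipaddress

# access-list 175 from the Site A config above:
# (action, source, source wildcard, destination, destination wildcard)
ACL_175 = [
    ("deny",   "192.168.1.0", "0.0.0.255", "192.168.2.0", "0.0.0.255"),
    ("permit", "192.168.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),  # "any"
]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def acl_action(acl, src, dst):
    """Action of the first matching entry; every IOS ACL ends in an implicit deny."""
    for action, s_base, s_wild, d_base, d_wild in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny"


def nat_candidates(acl, flows):
    """Flows that route-map 'nonat' (match ip address 175) hands to the NAT pool."""
    return [(s, d) for s, d in flows if acl_action(acl, s, d) == "permit"]


# Constructed sample flows (source, destination)
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.2.2"),    # far end of Tunnel0
    ("192.168.1.10", "192.168.3.25"),   # host on the Site B internal network
    ("192.168.1.10", "198.51.100.7"),   # Internet host (documentation address)
    ("192.168.3.25", "192.168.1.10"),   # source outside 192.168.1.0/24
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src:>15} -> {dst:<15} ACL 175: {acl_action(ACL_175, src, dst)}")
```

A destination in 192.168.3.0/24 falls through to the permit entry, so if that traffic is meant to be excluded by the access list itself, the list needs a deny line for 192.168.3.0 0.0.0.255 ahead of the permit.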
 
LVL 5

Author Comment

by:jason987
ID: 7204104
Thanks, that gives me a good direction to go.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7204258
Glad to help!
0
