Solved

5300->3600 VPN

Posted on 2002-07-26
Last Modified: 2010-04-17
I have an urgent situation in which I had a block of IPs in a remote location, but now I only have one on the serial interface on the edge. My problem is I still need my PCs and 5300s to be able to access all of the equipment behind the 3600 on the remote end.

Do I have to set up a VPN for this, or is there a way I can set up a private IP block behind the remote 3600 and have the local 5300s route to there via routing commands, somehow knowing to hop off the one private IP I have?
0
Question by:jason987
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 7181443
VPN is certainly one way to go. You could use GRE tunnels to do the same thing without the encryption overhead if security is not your main concern.
Either way, you create a virtual "tunnel" between the Remote router's Ethernet interface and your router's Ethernet interface, so the routing of public/private IP addresses goes through the tunnel and not across the internet to get lost.
Without knowing more details, I don't know what else to tell you.
The routing is easily handled with route-maps. I'm assuming that the 3600 is doing some NAT, so you have to build rules to exclude source/destination pairs from being nat'd before they go through the tunnel...
Using GRE tunnels, all you need is basic IP feature set. IPSEC (encrypting the data inside the tunnel) will require IPSEC feature set everywhere, plus possible memory upgrades, etc.
If it is only two sites, it would be a piece of cake.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7201871
Have any of these comments been of any help to you? Do you need more information?
0
 
LVL 5

Author Comment

by:jason987
ID: 7201888
Yes, it helps in theory, but I looked at the docs and couldn't find an easily workable model.


What I would like to do is this:

network A:  192.168.1.1, external public IP say 1.2.3.4
network B:  external public  1.2.2.1  internals are /24

Object VPN (minimal security) at network A in which I can take part of the 1.2.2.x block and assign them to network B.
0

 
LVL 79

Accepted Solution

by:
lrmoore earned 800 total points
ID: 7201917
Assuming you have internal network 192.168.3.0 / 24 at B..
Internal network A = 192.168.1.x
Tunnel 0 network = 192.168.2.x
Internal network B = 192.168.3.x

http://www.cisco.com/warp/customer/707/quicktip.html

Site A router:

Create a virtual GRE Tunnel between the external interfaces:
!-- This is one end of the GRE tunnel.

interface Tunnel0
ip address 192.168.2.1 255.255.255.0

!-- The far end will be 192.168.2.2/24
!
!-- Associate the tunnel with the physical interface.
!-- Serial0/1 is the outside interface configured below.
tunnel source Serial0/1
!-- 1.2.2.1 is the outside address of Site B.
tunnel destination 1.2.2.1

!-- This is the inside interface.
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial 0/1
ip address 1.2.3.4 255.255.255.0
ip nat outside
!
!-- Define the NAT pool.
ip nat pool ourpool 1.2.3.10 1.2.3.20 netmask 255.255.255.0
ip nat inside source route-map nonat pool ourpool overload

ip classless
ip route 0.0.0.0 0.0.0.0 1.2.3.5
!
!-- Force the private network traffic into the tunnel.
ip route 192.168.3.0 255.255.255.0 192.168.2.2
no ip http server
!
!
!-- Use access list and route-map to address what to NAT.
access-list 175 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 175 permit ip 192.168.1.0 0.0.0.255 any
!
!-- The route-map addresses what to NAT.
route-map nonat permit 10
match ip address 175
0
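The matching Site B (3600) end of the tunnel from the accepted solution, as an added example that is not part of lrmoore's post. The Site B interface names, the 192.168.3.1 LAN address, the serial mask, the default route and ACL number 110 are assumptions; the ACL accepts GRE only from the Site A peer, since plain GRE carries no authentication or encryption.

```cisco
!-- Site B router (added example; interface names and ACL number are assumed).
!-- Far end of the GRE tunnel: 192.168.2.2/24 faces 192.168.2.1 at Site A.
interface Tunnel0
 ip address 192.168.2.2 255.255.255.0
 tunnel source Serial0/0
 tunnel destination 1.2.3.4
!
!-- Inside interface for the private block behind the 3600 (address assumed).
interface Ethernet0/0
 ip address 192.168.3.1 255.255.255.0
!
!-- Outside interface holding the single public address (mask assumed).
interface Serial0/0
 ip address 1.2.2.1 255.255.255.0
 ip access-group 110 in
!
ip classless
!-- Default route toward the provider (assumed point-to-point serial link).
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!-- Send traffic for Site A's private network into the tunnel.
ip route 192.168.1.0 255.255.255.0 192.168.2.1
!
!-- Accept GRE (IP protocol 47) only from the Site A peer and log other attempts.
access-list 110 permit gre host 1.2.3.4 host 1.2.2.1
access-list 110 deny gre any any log
access-list 110 permit ip any any
```

If Site B also NATs its LAN to the Internet, the same route-map exemption used at Site A applies there with the source and destination networks swapped.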
 
LVL 5

Author Comment

by:jason987
ID: 7204104
Thanks, that gives me a good direction to go.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7204258
Glad to help!
0
