VPN tunnel and Internet access with 2 Cisco 2611s
I need to setup a WAN for a company that is geographically separated. Here is a simple diagram of the layout:
http://www.work-lifeservices.com/docs/diagram.jpg.
LAN3 and LAN2 has a T1 connection to the Internet. All traffic originating from LAN3(intranet and Internet) is routed through LAN2. Each site is connected to the Internet with a Cisco 2611 router. LAN2 needs interdomain traffic to LAN3 plus LAN2 has services published on the Internet as well as users who access the Internet.
I want to set up a VPN site-to-site tunnel between LAN3 and LAN2 with the Cisco routers. Also the traffic destined to and from LAN2 and the Internet must function as well.
LAN3 will have all traffic going through the tunnel to LAN2. My question is, is it possible to use the one T1 frame connection on LAN2 to tunnel traffic to LAN3 and also allow Internet traffic to flow from LAN2 to the Internet and back? Is there a better solution? I have very short time to come up with a solution.
Im very comfortable with Cisco routers, but have never set up a site-to-site VPN with Cisco equipment. (Microsoft yes, and VPN for remote access on a PIX, but not a Cisco router)
Thank very much in advance.
Respecfully,
Bobby
http://www.work-lifeservices.com/docs/diagram.jpg.
LAN3 and LAN2 has a T1 connection to the Internet. All traffic originating from LAN3(intranet and Internet) is routed through LAN2. Each site is connected to the Internet with a Cisco 2611 router. LAN2 needs interdomain traffic to LAN3 plus LAN2 has services published on the Internet as well as users who access the Internet.
I want to set up a VPN site-to-site tunnel between LAN3 and LAN2 with the Cisco routers. Also the traffic destined to and from LAN2 and the Internet must function as well.
LAN3 will have all traffic going through the tunnel to LAN2. My question is, is it possible to use the one T1 frame connection on LAN2 to tunnel traffic to LAN3 and also allow Internet traffic to flow from LAN2 to the Internet and back? Is there a better solution? I have very short time to come up with a solution.
Im very comfortable with Cisco routers, but have never set up a site-to-site VPN with Cisco equipment. (Microsoft yes, and VPN for remote access on a PIX, but not a Cisco router)
Thank very much in advance.
Respecfully,
Bobby
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Glad to help.
2500 series are EOL. Have you check out the new 2800 series router yet? they are Security Integrated Routers (built-in VPN module) and absolutely out performed 2600 series and same price level! I did some through put test for small packet over VPN 3DES tunnel, it rocks (low CPU usage)! I can provide you those throughput test result if you are interested.
2500 series are EOL. Have you check out the new 2800 series router yet? they are Security Integrated Routers (built-in VPN module) and absolutely out performed 2600 series and same price level! I did some through put test for small packet over VPN 3DES tunnel, it rocks (low CPU usage)! I can provide you those throughput test result if you are interested.
ASKER
Absolutely. I have not ordered the router yet. Email or post?
Z
Z
Routing Performance; Platform Positioning 64 byte IP traffic only
2801 Up to 90 Kpps
2811 Up to 120 Kpps
2821 Up to 170 Kpps
Cisco 2600 Series System Specifications; based on 64-byte packets
2610/11XM 20Kpps
2620/21XM 30Kpps
2650/51XM 40Kpps
2691 70Kpps
below are from Cisco docs:
New Cisco Integrated Security Routers
Security Performance;
Cisco 3845, 1.1 Gbps F/W, 185 Mbps IPsec VPN, 425 Mbps IPS, 2500 Tunnels
Cisco 3825, 855 Mbps F/W, 175 Mbps IPsec VPN, 325 Mbps IPS, 2,000 Tunnels
Cisco 2851, 530 Mbps F/W, 145 Mbps IPsec VPN, 250 Mbps IPS, 1500 Tunnels
Cisco 2821, 455 Mbps F/W, 140 Mbps IPsec VPN, 200 Mbps IPS, 1500 Tunnels
Cisco 2811, 130 Mbps F/W, 130 Mbps IPsec VPN, 70 Mbps IPS, 1500 Tunnels
Cisco 2801, 127 Mbps F/W, 100 Mbps IPsec VPN, 65 Mbps IPS, 1500 Tunnels
Cisco 1841, 125 Mbps F/W, 95 Mbps IPsec VPN, 60 Mbps IPS, 800 Tunnels
Firewall performance is with NAT and logging enabled. IPS Branch scenario when tested with optimal traffic conditions.
let me know if you need more info (leave your email).
2801 Up to 90 Kpps
2811 Up to 120 Kpps
2821 Up to 170 Kpps
Cisco 2600 Series System Specifications; based on 64-byte packets
2610/11XM 20Kpps
2620/21XM 30Kpps
2650/51XM 40Kpps
2691 70Kpps
below are from Cisco docs:
New Cisco Integrated Security Routers
Security Performance;
Cisco 3845, 1.1 Gbps F/W, 185 Mbps IPsec VPN, 425 Mbps IPS, 2500 Tunnels
Cisco 3825, 855 Mbps F/W, 175 Mbps IPsec VPN, 325 Mbps IPS, 2,000 Tunnels
Cisco 2851, 530 Mbps F/W, 145 Mbps IPsec VPN, 250 Mbps IPS, 1500 Tunnels
Cisco 2821, 455 Mbps F/W, 140 Mbps IPsec VPN, 200 Mbps IPS, 1500 Tunnels
Cisco 2811, 130 Mbps F/W, 130 Mbps IPsec VPN, 70 Mbps IPS, 1500 Tunnels
Cisco 2801, 127 Mbps F/W, 100 Mbps IPsec VPN, 65 Mbps IPS, 1500 Tunnels
Cisco 1841, 125 Mbps F/W, 95 Mbps IPsec VPN, 60 Mbps IPS, 800 Tunnels
Firewall performance is with NAT and logging enabled. IPS Branch scenario when tested with optimal traffic conditions.
let me know if you need more info (leave your email).
ASKER
I think I got approval for two of the new 2811s. If so I will use the config you sent me as a guide to setting up the VPN. Thanks for your help Magic!
Z
Z
ASKER
Once again thanks!! I don't know what to say..this is too cool.
Respectfully,
Bobby-aka "Z"