• Status: Solved

Cisco 1760 - IPSec Tunnel

Hi All,

I have been asked to configure a site to site tunnel for the network and am getting a lot of mixed information about it.

I have a Cisco 1760 - without the VPN Module.  I assumed this would be the end of it, and that we would need that module, but I found this -> http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml <- which seems to suggest it is possible without that Module.

Incidentally, this tunnel is not going to be doing much work - heavy load seems to be the only reason for the VPN module (correct me if I am wrong!)

So, to kick-start what is no doubt going to be 10 (individual EE) Questions from me;

CAN my 1760 handle this site to site IPSec VPN as it is now?

The other end is a Checkpoint something with the following confusion :)
Version:      NG AI R55 HFA 09
Transforms:      ESP 3DES
ISA Timers:      IKE=....; IPSEC=....

Thanks in advance - 500 points cause I am in a hurry for a change :)

-red
0
 
JFrederick29 Commented:
Correct, the VPN module offloads encryption from the main processor so if you are pushing heavy traffic through the tunnel, your router CPU won't be tied up doing encryption.  Essential for high volumes of IPSEC traffic but you can get away without it.

First off, you need to make sure the 1760's IOS supports IPSEC.  You need an IOS with IPSEC support to configure VPNs.  You can use the "Software Advisor" tool on Cisco's site if you have a CCO account; if not, post your IOS version and someone here can verify it has IPSEC support.

Seeing as the Checkpoint Firewall supports IPSEC, you shouldn't have a problem establishing a tunnel between the two.
0
 
redseatechnologies (Author) Commented:
Thanks for the response JFrederick29,

I have IOS version 12.4

The router is relatively new, ~6 months, so I assume it is a recent, if not the latest IOS for this router.

Will that IOS Support IPSEC?

Thanks again

-red
0
 
JFrederick29 Commented:
It's the feature set that dictates whether it will support IPSEC or not, i.e. advanced IP services, advanced enterprise services, etc...
0
 
Scotty_cisco Commented:
Do a show flash and post the c1700.x.x.x info and that will tell us if you can encrypt the data or not.  BTW, encryption hits the router CPU hard without the card, so what is more important: encryption or performance?

Thanks
scott
0
 
redseatechnologies (Author) Commented:
Hi Guys,

show flash returns this;

c1700-y7-mz.124-1c.bin

Encryption is more important than performance - we only have minimal users, and data going over this tunnel will be very little

If that flash doesn't support it, then I assume it should be just a matter of reflashing the router, right?

I also have some questions that the other end of the tunnel wants to know (but as yet, I have no idea about it). Should I ask that here, or would you prefer a new question?

Thanks

-red
0
 
Scotty_cisco Commented:
This image is not an encryption image....

you would want the following.

c1700-advsecurityk9-mz.124-8.bin 64 meg ram 16 meg flash

that is 12.4

12.3

c1700-advsecurityk9-mz.123-19.bin then you would need 48 meg ram 16 meg flash and this is GD so you know it is stable.

Thanks
Scott
0
 
redseatechnologies (Author) Commented:
Right,

I think I only have 32MB ram - will it still work?  If so, how do I do it (and where do I get the flash from)? I haven't started googling yet :)

This help?

axis-rd1#sh hard
Cisco IOS Software, C1700 Software (C1700-Y7-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 26-Oct-05 06:46 by evmiller

ROM: System Bootstrap, Version 12.2(7r)XM2, RELEASE SOFTWARE (fc1)

axis-rd1 uptime is 4 weeks, 1 hour, 54 minutes
System returned to ROM by power-on
System image file is "flash:c1700-y7-mz.124-1c.bin"

Cisco 1760 (MPC860P) processor (revision 0x600) with 57550K/7986K bytes of memory.
Processor board ID FOC094748LP (2384546931), with hardware revision 0000
MPC860P processor: part number 5, mask 2
1 FastEthernet interface
2 ATM interfaces
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

axis-rd1#
0
 
JFrederick29 Commented:
You actually have 32MB of Flash and 64MB of RAM so you are in good shape to load the new image.
0
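The two checks made in the posts above (does the image name indicate a crypto feature set, and does the router have the RAM and flash the target image needs), as an added example that is not part of the original thread. The function names are hypothetical, the sample text is constructed from the output quoted above, the 64 MB / 16 MB requirement is the one Scotty_cisco gives, and treating "k9" in the feature-set token as the strong-crypto marker is an assumption based on Cisco's image naming convention.

```python
import re

# Constructed sample: the relevant lines of the `show version` output quoted above.
SAMPLE = """\
System image file is "flash:c1700-y7-mz.124-1c.bin"
Cisco 1760 (MPC860P) processor (revision 0x600) with 57550K/7986K bytes of memory.
32768K bytes of processor board System flash (Read/Write)
"""

IMAGE_RE = re.compile(r"(?:\w+:)?([a-z0-9]+)-([a-z0-9]+)-([a-z]+)\.([\w-]+)\.bin")


def parse_image(name):
    """Split an IOS image name: platform-featureset-format.version.bin."""
    m = IMAGE_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised image name: {name!r}")
    platform, feature_set, _fmt, version = m.groups()
    # Assumption: "k9" in the feature-set token marks a strong-crypto
    # (3DES/AES) image, per Cisco's naming convention.
    return {"platform": platform, "feature_set": feature_set,
            "version": version, "crypto": "k9" in feature_set}


def parse_hardware(text):
    """Return (running image, DRAM in MB, flash in MB) from `show version`."""
    image = re.search(r'System image file is "([^"]+)"', text).group(1)
    main, io = re.search(r"with (\d+)K/(\d+)K bytes of memory", text).groups()
    flash = re.search(r"(\d+)K bytes of processor board System flash",
                      text).group(1)
    # Total DRAM is processor memory plus I/O memory:
    # 57550K + 7986K = 65536K = 64 MB.
    return image, (int(main) + int(io)) // 1024, int(flash) // 1024


def can_load(text, target, need_ram_mb, need_flash_mb):
    """True if the target is a crypto image and the router has room for it."""
    _, ram_mb, flash_mb = parse_hardware(text)
    info = parse_image(target)
    return info["crypto"] and ram_mb >= need_ram_mb and flash_mb >= need_flash_mb


if __name__ == "__main__":
    running, ram, flash = parse_hardware(SAMPLE)
    print(running, parse_image(running), f"{ram} MB RAM", f"{flash} MB flash")
    print(can_load(SAMPLE, "c1700-advsecurityk9-mz.124-8.bin", 64, 16))
```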
 
Scotty_cisco Commented:
Yup, the image should work, but if you're much over 800K in data rate your performance will suffer due to the encryption.

Thanks
Scott
0
 
redseatechnologies (Author) Commented:
Yeah, I saw this >  57550K/7986K bytes of memory.  < and was hopeful!

Thanks for your help guys, I just downloaded the only image I could find (not being a cisco.com member) which is c1700-advsecurityk9-mz.124-7.bin

I am not sure if this image will work (but assume it would as it is so close) and worse than that, I am not sure that this image has not been tampered with between cisco and me.

First, how do you update the image, and second, is there somewhere else that I can download the correct image from?

Thanks

-red
0
 
Scotty_cisco Commented:
The only way to verify the image is to have access to a CCO account.  The simple way to do this is to get a tftp server on a laptop and then issue a copy tftp flash.
0
 
JFrederick29 Commented:
Well technically, you need to purchase a license for the IOS with the feature set you need since you bought the router with the base image.
0
 
redseatechnologies (Author) Commented:
Ok, thanks for your help guys, I will look into the IOS license and go from there

-red
0
 
redseatechnologies (Author) Commented:
The saga continues;

I would love your help here guys

http://www.experts-exchange.com/Hardware/Routers/Q_21917774.html

Thanks

-red
0
