eggster34
asked on
hub and spoke vpn topology with cisco routers
Hello Experts,
I have a question:
I have 3 separate locations.
Site A has a 1800 router that has a static public ip and a 192.168.10.x address range on the inside network.
Site B has an 800 series router which has 10.2.0.x internal range and the router has a dynamic public ip address.
site C has an 800 series router which has 10.3.0.x internal range and the router has a dynamic public ip address.
All locations use static private defined ip addresses for all workstations and nat is used for translation from public to private. In addition:
Site A has a nat transalation for an additional public ip address to an internal private ip address for email (smtp - port 25) An internal DNS server exists (whereby all machines internal are set to resolve from, the dns server forwards queries to two public dns servers for unanswered queries.)
All locations are connected by ADSL.
My requirement is to establish site to site vpn so site b and c can access resources at site A (Exchange and domain controllers)
Site A needs to access the workstations in site B and site C.
Additionally I need to be able to connect to site A using the cisco vpn client to access internal servers etc and it would be good to access site B and C through site A.
So I need somewhat full routing between Site A and the rest of the sites and for the Cisco VPN client :)
Please suggest how I should set this up. as I am clueless.
I have a question:
I have 3 separate locations.
Site A has a 1800 router that has a static public ip and a 192.168.10.x address range on the inside network.
Site B has an 800 series router which has 10.2.0.x internal range and the router has a dynamic public ip address.
site C has an 800 series router which has 10.3.0.x internal range and the router has a dynamic public ip address.
All locations use static private defined ip addresses for all workstations and nat is used for translation from public to private. In addition:
Site A has a nat transalation for an additional public ip address to an internal private ip address for email (smtp - port 25) An internal DNS server exists (whereby all machines internal are set to resolve from, the dns server forwards queries to two public dns servers for unanswered queries.)
All locations are connected by ADSL.
My requirement is to establish site to site vpn so site b and c can access resources at site A (Exchange and domain controllers)
Site A needs to access the workstations in site B and site C.
Additionally I need to be able to connect to site A using the cisco vpn client to access internal servers etc and it would be good to access site B and C through site A.
So I need somewhat full routing between Site A and the rest of the sites and for the Cisco VPN client :)
Please suggest how I should set this up. as I am clueless.
ASKER
HEllo
The client VPN part works fine.
But how can I connect the 2 remote sites via vpn? I need site-to-site VPNs between sites A, B and C to be established between the routers.
The client VPN part works fine.
But how can I connect the 2 remote sites via vpn? I need site-to-site VPNs between sites A, B and C to be established between the routers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks again, but I don't have SDM and I wish to use the CLI.
Is there a guide on how to do it through the CLI?
Is there a guide on how to do it through the CLI?
I can't find any using cli. But once you configure it using SDM you will get the config anyways right ?
http://www.cisco.com/en/US/customer/products/ps6635/products_white_paper0900aecd803645b5.shtml
Try the above link, which would kinda give something.
Cheers,
Rajesh
http://www.cisco.com/en/US/customer/products/ps6635/products_white_paper0900aecd803645b5.shtml
Try the above link, which would kinda give something.
Cheers,
Rajesh
Ok. Found it, here it is;
http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml#diag
You need a CCO account to view this.
Cheers,
Rajesh
http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml#diag
You need a CCO account to view this.
Cheers,
Rajesh
forget the last link, it pix again.
Cheers,
Rajesh
Cheers,
Rajesh
http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a00806ad10e.shtml#diag
Cheers,
Rajesh