Solved

Site To Site VPN Cisco routers

Posted on 2007-03-29
Last Modified: 2008-12-06
Good Day Guys,

I would like to establish a VPN tunnel between 2 offices; both locations have Cisco 2811 routers with AIM-VPN/EPII - Plus on them. I need some recommendations on how to start a site-to-site VPN tunnel so that users at both locations are able to access resources at both locations securely ... I highly appreciate any help.

Thanks,
0
Question by:ndihelpiraq
 
LVL 4

Accepted Solution

by:
Louis_E earned 84 total points
This should get you started.
http://www.cisco.com/en/US/products/hw/routers/ps341/products_configuration_guide_book09186a008051522f.html

You can also try the Cisco SMD GUI to configure it.
0
 
LVL 28

Assisted Solution

by:batry_boy
batry_boy earned 83 total points
Here is a configuration example of setting up an IPSEC tunnel between two routers:

http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a008073e078.shtml

However, I would also recommend looking at the SDM (web GUI) on each router to configure a site-to-site tunnel.  It will step you through the process of establishing the VPN connection between the two sites.  Here is some info on using the SDM for the VPN tunnel setup:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_user_guide_chapter09186a0080656460.html
0
 
LVL 28

Expert Comment

by:batry_boy
Louis_E, you must type faster than me!  :)
0
 
LVL 4

Expert Comment

by:Louis_E
LOL yes I must do, although you typed more than me...
In my original post I meant SDM and not SMD, sorry.

It's a good start to get it up and running... A good tip is to turn on 'output commands before applying them' so that you can see the config that is actually going onto the router. That way you learn the commands quicker.
0

Author Comment

by:ndihelpiraq
Thank you guys very much for your prompt replies and the recommendations. I have used SDM many times before and will start using it once again in configuring the VPN Tunnel according to your recommendations. I hope that I can have it up and running soon, then I will get back to let you know.

Thanks again guys for the tips.
0
 
LVL 3

Assisted Solution

by:hancke
hancke earned 83 total points
If you run the wizard on SDM you will need to define a few basic things.
1. Both peer addresses (outside addresses)
2. Both inside subnets (host address if single host) You will define each end with source and destination.  This defines 'interesting traffic' that will go across the VPN.  You cannot use the same inside subnet at each site.
3. I usually use 3DES/MD5, Diffie-Hellman 2 and use PFS.
4. I use a 128 bit preshared key.
All else should be set up if the routers are currently installed and working.
0
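
The wizard inputs listed in the answer above map onto IOS commands roughly as follows. This is an added example, not configuration posted by anyone in the thread: the addresses, the names S2S-SET and S2S-MAP, ACL number 110 and the outside interface are all assumptions, and any NAT exemption for the tunnel traffic is not shown.

```cisco
! Added example. Constructed values: site A outside 198.51.100.1, inside
! 10.1.1.0/24; site B outside 203.0.113.1, inside 10.2.2.0/24.
! <PRESHARED-KEY> is a placeholder and must be identical on both routers.
!
! ===== Site A router =====
! Item 3: IKE phase 1 proposal (3DES, MD5, Diffie-Hellman group 2)
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
! Items 1 and 4: remote peer address and the preshared key
crypto isakmp key <PRESHARED-KEY> address 203.0.113.1
!
! Item 3: IPsec (phase 2) transform set
crypto ipsec transform-set S2S-SET esp-3des esp-md5-hmac
!
! Item 2: interesting traffic, local inside subnet to remote inside subnet
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
crypto map S2S-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set S2S-SET
 set pfs group2
 match address 110
!
! Outside interface name is an assumption; use the WAN-facing interface
interface FastEthernet0/0
 crypto map S2S-MAP
!
! ===== Site B router =====
! Repeat the isakmp policy, transform set and interface lines unchanged;
! only the peer address and the ACL are mirrored.
crypto isakmp key <PRESHARED-KEY> address 198.51.100.1
access-list 110 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map S2S-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set S2S-SET
 set pfs group2
 match address 110
!
! Stronger suites, where the image offers them (change both ends together):
! "encryption aes 256", "hash sha", "group 5" in the ISAKMP policy and
! "esp-aes 256 esp-sha-hmac" in the transform set.
```

Once traffic matching the ACL is sent, `show crypto isakmp sa` and `show crypto ipsec sa` show whether both phases came up.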
 

Author Comment

by:ndihelpiraq
I started working with the SDM but the problem is that it keeps telling me that the VPN is not available, the same for the IPS, and it tells me to go to the Cisco website and update the IOS image on my router.

I'm currently using SDM 2.3.2 and my IOS Software version is 12.4(3e) ... shouldn't this software version have VPN, Firewall and IPS? ... Thoughts?

Thanks Again.
0
 

Author Comment

by:ndihelpiraq
I just wanted to add the exact model number of the routers I have (CISCO2811-ADSL/ K9) with AIM-VPN/EPII - Plus on them but I don't know how to enable VPN and Firewall and IPS of course if they are available ... I actually don't know how to check ... any clues?
0
