Solved

Cisco VPN Tunnel

Posted on 2010-01-11
Last Modified: 2012-05-08
I've got 2 private networks (192.168.1.X and 192.168.2.X), each having a Cisco 2800 router on them. The routers have an unsecure Ethernet connection between them (on interface g0/1). I'd like to set up some sort of secure tunnel between the routers over the unsecure Ethernet connection. I'd like the private networks to have no access to the unsecured Ethernet network and no access from the unsecured Ethernet network to the private networks. I'm familiar enough with the Cisco IOS to set up interfaces and access lists, but I've never done encrypted tunnels before. I don't want to use SDM or any other GUI tool; I'd like to see the IOS commands used.

Thanks,
-Daniel
Question by:MassiveD
5 Comments
 
LVL 4

Expert Comment

by:a1aait
ID: 26286236
Is the "unsecure Ethernet connection" local wiring in your building, or is it an internet connection?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 26286253
0
 
LVL 16

Accepted Solution

by:
memo_tnt earned 2000 total points
ID: 26286731
Hi,

Assume you have router 1 on the 1st side and router 2 on the 2nd side, then:

Router 1

! IKE phase 1 policy: 3DES, pre-shared key, DH group 2
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
! X.X.X.X = router 2 IP
crypto isakmp key YOUR.KEY address X.X.X.X
!
! IPsec transform set: ESP with 3DES encryption and SHA HMAC
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-site2site 1 ipsec-isakmp
 description Tunnel to Router2
 set peer X.X.X.X
 set transform-set ESP-3DES-SHA
 match address 101
!
! WAN interface
interface FastEthernet0/0
 description VPN-Peer-Interface
 ip address Y.Y.Y.Y subnetmask
 crypto map VPN-site2site
!
! Traffic to encrypt: LAN1 -> LAN2
access-list 101 permit ip LAN1 0.0.0.255 LAN2 0.0.0.255

LAN1 >> local network IPs on router 1
LAN2 >> local network IPs on router 2


Router 2

! IKE phase 1 policy: must match router 1
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
! Y.Y.Y.Y = router 1 IP
crypto isakmp key YOUR.KEY address Y.Y.Y.Y
!
! IPsec transform set: must match router 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-site2site 1 ipsec-isakmp
 description Tunnel to Router1
 set peer Y.Y.Y.Y
 set transform-set ESP-3DES-SHA
 match address 101
!
! WAN interface
interface FastEthernet0/0
 description VPN-Peer-Interface
 ip address X.X.X.X subnetmask
 crypto map VPN-site2site
!
! Traffic to encrypt: LAN2 -> LAN1 (mirror of router 1's ACL)
access-list 101 permit ip LAN2 0.0.0.255 LAN1 0.0.0.255

LAN1 >> local network IPs on router 1
LAN2 >> local network IPs on router 2
0
 

Author Comment

by:MassiveD
ID: 26294134
What ports/protocol are needed to support this? I want to place an access-list on the outside interface to only allow the two routers to talk and nothing else.
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 26295825
It's the IPsec tunneling protocol ...

and the ACL above will allow only the two networks to talk to each other.
0
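Added example, not part of the original thread: an inbound ACL for the outside interface that admits only what the crypto map in the accepted solution puts on the wire, namely IKE (ISAKMP, UDP port 500) and ESP (IP protocol 50) between the two peers. The ACL name OUTSIDE-IN is hypothetical; X.X.X.X, Y.Y.Y.Y and FastEthernet0/0 are the placeholders used in the accepted solution, and the example assumes no NAT between the routers (so UDP 4500 is not needed) and no AH in the transform set (so IP protocol 51 is not needed).

```cisco
! ---- Router 1 (own address Y.Y.Y.Y, peer X.X.X.X) ----
! Assumption: the IOS release checks this inbound ACL against the
! encrypted packet only. Releases that also check the decrypted packet
! need an extra "permit ip LAN2 0.0.0.255 LAN1 0.0.0.255" entry.
ip access-list extended OUTSIDE-IN
 remark IKE negotiation from the peer only
 permit udp host X.X.X.X host Y.Y.Y.Y eq isakmp
 remark IPsec payload (ESP) from the peer only
 permit esp host X.X.X.X host Y.Y.Y.Y
 remark Drop and log everything else arriving from the unsecured segment
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
!
! ---- Router 2 (own address X.X.X.X, peer Y.Y.Y.Y) ----
ip access-list extended OUTSIDE-IN
 remark IKE negotiation from the peer only
 permit udp host Y.Y.Y.Y host X.X.X.X eq isakmp
 remark IPsec payload (ESP) from the peer only
 permit esp host Y.Y.Y.Y host X.X.X.X
 remark Drop and log everything else arriving from the unsecured segment
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
```

After applying it, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the tunnel still negotiates, and `show access-lists OUTSIDE-IN` shows hit counts on the permit and deny entries.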
