CISCO VPN

pawanopensource
pawanopensource used Ask the Experts™
on
I have to connect 4 sites ,I have cisco 2821 router and 2mbps link how I can create vpn to connect all sites
Thanks
With regards
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
This should give you a clue as to how to make a fully mesh VPN network.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008014f8ab.shtml
Commented:
Hi

assume you have router 1 at main side, router 2 at 2nd side, router 3 at 3rd side, and router 4 at 4rth side ...


then,, the attached configuration is a site 2 site VPN between 1st side as it's the main router to other sides as branches ..

am assuming IPs in my sample,, and you can exchange them by your real and active one ..

it's simple and easy to use ..

best regards

Router 1


!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2  
lifetime 28800
crypto isakmp key YOUR.1st.KEY address X.X.X.X   >>> router 2 IP
crypto isakmp key YOUR.2nd.KEY address z.z.z.z   >>> router 3 IP
crypto isakmp key YOUR.3rd.KEY address w.w.w.w   >>> router 3 IP
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-site2site 1 ipsec-isakmp
 description Tunnel to Router2
set peer X.X.X.X
set transform-set ESP-3DES-SHA
 match address 101
!
crypto map VPN-site2site 2 ipsec-isakmp
 description Tunnel to Router2
set peer z.z.z.z
set transform-set ESP-3DES-SHA
 match address 102
!
!
crypto map VPN-site2site 3 ipsec-isakmp
 description Tunnel to Router2
set peer w.w.w.w
set transform-set ESP-3DES-SHA
 match address 103
!
!
!
!
!
interface FastEthernet0/0 >>> WAN interface
 description VPN-Peer-Interface
ip address y.y.y.y subnetmask
crypto map VPN-site2site
!

access-list 101 permit ip LAN1 0.0.0.255 LAN2 0.0.0.255
access-list 102 permit ip LAN1 0.0.0.255 LAN3 0.0.0.255
access-list 103 permit ip LAN1 0.0.0.255 LAN4 0.0.0.255
!
!

where:::

LAN1 >> local network IPs on router 1
LAN2 >> local network IPs on router 2
LAN3 >> local network IPs on router 3
LAN4 >> local network IPs on router 4

----------------------------------------------

Router 2


!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2  
lifetime 28800
crypto isakmp key YOUR.1st.KEY address Y.Y.Y.Y   >> router 1 IP

!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-site2site 1 ipsec-isakmp
 description Tunnel to Router1
set peer y.y.y.y
set transform-set ESP-3DES-SHA
 match address 101

!
!
!
!
!
interface FastEthernet0/0 >>> WAN interface
 description VPN-Peer-Interface
ip address X.X.X.X subnetmask
crypto map VPN-site2site
!

access-list 101 permit ip LAN2 0.0.0.255 LAN1 0.0.0.255
!
!
where:::

LAN1 >> local network IPs on router 1
LAN2 >> local network IPs on router 2

-------------------------------------------

Router 3


!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2  
lifetime 28800
crypto isakmp key YOUR.2nd.KEY address Y.Y.Y.Y   > router 1 IP

!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-site2site 1 ipsec-isakmp
 description Tunnel to Router1
set peer Y.Y.Y.Y
set transform-set ESP-3DES-SHA
 match address 101

!
!
!
!
!
interface FastEthernet0/0 >>> WAN interface
 description VPN-Peer-Interface
ip address z.z.z.z subnetmask
crypto map VPN-site2site
!

access-list 101 permit ip LAN3 0.0.0.255 LAN1 0.0.0.255
!
!


where:::

LAN1 >> local network IPs on router 1
LAN3 >> local network IPs on router 3

-------------------------------------------


Router 4


!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2  
lifetime 28800
crypto isakmp key YOUR.3rd.KEY address Y.Y.Y.Y   >>> router 1 IP

!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map VPN-site2site 1 ipsec-isakmp
 description Tunnel to Router1
set peer Y.Y.Y.Y
set transform-set ESP-3DES-SHA
 match address 101

!
!
!
!
!
interface FastEthernet0/0 >>> WAN interface
 description VPN-Peer-Interface
ip address w.w.w.w subnetmask
crypto map VPN-site2site
!

access-list 101 permit ip LAN4 0.0.0.255 LAN1 0.0.0.255
!
!

Where:::

LAN1 >> local network IPs on router 1
LAN4 >> local network IPs on router 4

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial