Cisco 1811 VPN/IPSEC setup

Bardlebee asked on
Routers, VPN, Internet Protocol Security
So, I am trying to set up 5 remote sites that for the most part will always stay the same IP address. It is on IPsec mode and I really only need static routes. The problem is that I have been doing research for the past week trying to set this bad boy up and I can't seem to get it right. That is, it is a bit over my head as I only have a CCENT so my knowledge is slim on this subject, though I know in theory how it works.

The first attachment is of my current RouteFinder that I am replacing with this Cisco 1811. The second image is of another RouteFinder which is my remote site. Each site is set up exactly the same so really I only need to be shown/advised once then I can nitpick through the rest.

Cisco Router 1811 - RouteFinder LAN: 192.168.2.0
Cisco Router 1811 - Outside IP Address: 111.111.111.1112 (this is fake obviously)

RouteFinder Remote Site LAN: 192.168.11.0
RouteFinder Remote Site Outside IP Address: 111.111.111.113 (fake as well)

You can see that I have NAT going as well, took me quite a while to figure that one out...

Here is my sh run config:

Current configuration : 3746 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WG-STSC
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3872896560
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3872896560
 revocation-check none
 rsakeypair TP-self-signed-3872896560
!
!
crypto pki certificate chain TP-self-signed-3872896560
 certificate self-signed 01
  30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33383732 38393635 3630301E 170D3130 30363235 31363337
  35315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38373238
  39363536 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BE8A B5790460 A9253C5A 38A1933A 19925684 71E3593E F352827B CA66CCC1
  024EEC73 63C2FB7E DE069B52 F335D5EA A1A0839F A9E6104E EC45ABFA 8DA03006
  BD0FE01F 35D15726 8D8E23E5 21BCD930 D220CE65 4528F3DC BA15C82F 4720549B
  5EA44127 8DA7E630 EC359BC4 502C5E31 9DC8DA5E FF3D0393 DE10ED8D BC0013F5
  2FD30203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
  551D1104 12301082 0E57472D 53545343 2E574753 54534330 1F060355 1D230418
  30168014 176C5BC2 2E35E8A6 02309904 DA180631 A77880D9 301D0603 551D0E04
  16041417 6C5BC22E 35E8A602 309904DA 180631A7 7880D930 0D06092A 864886F7
  0D010104 05000381 81008D31 D77BC5FC 24ECF53F D08E4371 5677043A 6A3F0D17
  4E066A7B 8AB49E22 3B8F260F B8BB3723 2F10042A 66D44365 04F56FDB CD6DD582
  7C1C0E80 E73093F2 00880ECB 11050139 A40B8767 F6D7EF2B BA3DDE2F 8DFA7D3C
  58B8C04C 209A6D80 2C55F9B2 53BC4827 C92DEB9E E3865133 B6111C49 E98E486D
  8C638C74 52170C4E AEBA
        quit
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.1 192.168.2.105
ip dhcp excluded-address 192.168.2.200 192.168.2.254
!
ip dhcp pool 192.168.2.0/24
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   dns-server 66.196.216.10
!
ip dhcp pool 192.168.2.0\24
   dns-server 192.168.2.113 255.255.255.0
!
!
ip domain name WGSTSC
!
multilink bundle-name authenticated
!
!
username admin privilege 15 secret 5 $1$okPG$sSaKRYxgE8z7A/oZYTN9k0
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 ip address 111.111.111.112 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
 speed 100
!
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 111.111.111.111
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 102 interface FastEthernet0 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input ssh
line vty 16
 privilege level 15
 login local
 transport input all
!
end

[Attachments: "Router to be replaced by this CISCO 1811" (image); Untitled2.png]
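An added example, not part of the original post or of any answer in the thread: on IOS, inside-to-outside NAT is applied before the crypto map is consulted, so an overload ACL that permits the LAN to "any" also translates traffic bound for the remote LAN. This Python check reads the NAT lines from the posted config and tests that case; the `EXEMPTED` variant and all function names are assumptions made for illustration, and only contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed excerpt: the NAT-related lines of the running-config posted above.
POSTED = """\
ip nat inside source list 102 interface FastEthernet0 overload
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
"""
# Hypothetical variant (not from the thread): deny LAN-to-remote-LAN first.
EXEMPTED = POSTED.replace(
    "access-list 102 permit",
    "access-list 102 deny ip 192.168.2.0 0.0.0.255 192.168.11.0 0.0.0.255\n"
    "access-list 102 permit")


def _take_net(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ipaddress accepts a contiguous host (wildcard) mask after the slash.
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def acl_entries(config, acl_id):
    """Return [(action, src_net, dst_net)] for 'ip' entries of an extended ACL."""
    entries = []
    pattern = rf"^access-list {re.escape(acl_id)} (permit|deny) ip (.+)$"
    for action, rest in re.findall(pattern, config, re.M):
        tokens = rest.split()
        entries.append((action, _take_net(tokens), _take_net(tokens)))
    return entries


def vpn_traffic_is_natted(config, local_lan, remote_lan):
    """True if a NAT overload ACL permits local->remote traffic (first match wins)."""
    src = ipaddress.ip_network(local_lan)
    dst = ipaddress.ip_network(remote_lan)
    for acl_id in re.findall(r"^ip nat inside source list (\S+) .*overload", config, re.M):
        for action, acl_src, acl_dst in acl_entries(config, acl_id):
            if src.subnet_of(acl_src) and dst.subnet_of(acl_dst):
                if action == "permit":
                    return True
                break  # explicit deny: this NAT rule leaves the traffic alone
    return False


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("exempted", EXEMPTED)):
        print(name, vpn_traffic_is_natted(cfg, "192.168.2.0/24", "192.168.11.0/24"))
```

A `True` result means packets for 192.168.11.0/24 would leave with the outside address as their source and would not match a LAN-to-LAN crypto ACL.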