Solved

Configuring VPN on Cisco 1921/K9 routers

Posted on 2011-03-12
9
5,533 Views
Last Modified: 2012-06-27
Is there a good guide for configuring site to site vpn using Cisco 1921 routers?  I am trying to connect my two fire houses via commercial broadband services and have had no success.

Additionally, there is a requirement for a few remote login sessions.  I intend to use Cisco's VPN client to do that.

Once that is configured, I need to configure the firewall to include web filtering.

IOS version is 15.0(1)M3.

I am comfortable with the CLI and the CCP GUI.

0
Comment
Question by:ITFireman
  • 4
  • 3
  • 2
9 Comments
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 35117677
0
 
LVL 7

Expert Comment

by:diepes
ID: 35120867
Do you have fixed IP's at both ends ?
Can you ping the one router from the other ?
0
 

Author Comment

by:ITFireman
ID: 35121335
@diepes.  Yes I have fixed IPs at both ends and the routers can ping each other.
0
 
LVL 7

Expert Comment

by:diepes
ID: 35123160
@ITFireman: I would suggest to start with a GRE tunnel.  No encryption, but easy to setup.

interface Tunnel0
 ip address 10.0.0.1 255.255.255.0  !!<Use 1 on one side, and 2 on the other e.g.
tunnel source Ethernet0/0        !!<Own external interface
 tunnel destination 10.10.10.1  !!<Otherside external ip.

 tunnel key 123

0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:ITFireman
ID: 35123639
@diepes Ok...  But I do require encryption since I am dealing with company and patient information.  Where do I go once I get beyond a GRE tunnel?

@ikalmar Thanks.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35189617
HI,

Did you tried it?
0
 

Author Comment

by:ITFireman
ID: 35195872
@ikalmar

Yes... I followed the setup in the first link you sent.  The link is up.  That is further than I was able to get before.  Howerver, I am not able to ping anything on the opposite network.

Any suggestions?
0
 
LVL 7

Expert Comment

by:diepes
ID: 35206258
@ITFireman

You can run a # debug icmp
on both sides to see if there is only one way connectivity.

As to the GRE, once you have GRE you can wrap it in ipsec, but it seems as if you are close.
Maybe paste your current config.
0
 

Author Closing Comment

by:ITFireman
ID: 35220514
Did not exactly address the problem.  But I was able to at least test my routers to verify I could connect.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now