Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6525
  • Last Modified:

Configuring VPN on Cisco 1921/K9 routers

Is there a good guide for configuring site to site vpn using Cisco 1921 routers?  I am trying to connect my two fire houses via commercial broadband services and have had no success.

Additionally, there is a requirement for a few remote login sessions.  I intend to use Cisco's VPN client to do that.

Once that is configured, I need to configure the firewall to include web filtering.

IOS version is 15.0(1)M3.

I am comfortable with the CLI and the CCP GUI.

0
ITFireman
Asked:
ITFireman
  • 4
  • 3
  • 2
1 Solution
 
diepesCommented:
Do you have fixed IP's at both ends ?
Can you ping the one router from the other ?
0
 
ITFiremanAuthor Commented:
@diepes.  Yes I have fixed IPs at both ends and the routers can ping each other.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
diepesCommented:
@ITFireman: I would suggest to start with a GRE tunnel.  No encryption, but easy to setup.

interface Tunnel0
 ip address 10.0.0.1 255.255.255.0  !!<Use 1 on one side, and 2 on the other e.g.
tunnel source Ethernet0/0        !!<Own external interface
 tunnel destination 10.10.10.1  !!<Otherside external ip.

 tunnel key 123

0
 
ITFiremanAuthor Commented:
@diepes Ok...  But I do require encryption since I am dealing with company and patient information.  Where do I go once I get beyond a GRE tunnel?

@ikalmar Thanks.
0
 
Istvan KalmarHead of IT Security Division Commented:
HI,

Did you tried it?
0
 
ITFiremanAuthor Commented:
@ikalmar

Yes... I followed the setup in the first link you sent.  The link is up.  That is further than I was able to get before.  Howerver, I am not able to ping anything on the opposite network.

Any suggestions?
0
 
diepesCommented:
@ITFireman

You can run a # debug icmp
on both sides to see if there is only one way connectivity.

As to the GRE, once you have GRE you can wrap it in ipsec, but it seems as if you are close.
Maybe paste your current config.
0
 
ITFiremanAuthor Commented:
Did not exactly address the problem.  But I was able to at least test my routers to verify I could connect.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now