Configuring VPN on Cisco 1921/K9 routers

Posted on 2011-03-12
Last Modified: 2012-06-27
Is there a good guide for configuring site to site vpn using Cisco 1921 routers?  I am trying to connect my two fire houses via commercial broadband services and have had no success.

Additionally, there is a requirement for a few remote login sessions.  I intend to use Cisco's VPN client to do that.

Once that is configured, I need to configure the firewall to include web filtering.

IOS version is 15.0(1)M3.

I am comfortable with the CLI and the CCP GUI.

Question by:ITFireman
  • 4
  • 3
  • 2
LVL 34

Accepted Solution

Istvan Kalmar earned 500 total points
ID: 35117677

Expert Comment

ID: 35120867
Do you have fixed IP's at both ends ?
Can you ping the one router from the other ?

Author Comment

ID: 35121335
@diepes.  Yes I have fixed IPs at both ends and the routers can ping each other.

Expert Comment

ID: 35123160
@ITFireman: I would suggest to start with a GRE tunnel.  No encryption, but easy to setup.

interface Tunnel0
 ip address  !!<Use 1 on one side, and 2 on the other e.g.
tunnel source Ethernet0/0        !!<Own external interface
 tunnel destination  !!<Otherside external ip.

 tunnel key 123

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!


Author Comment

ID: 35123639
@diepes Ok...  But I do require encryption since I am dealing with company and patient information.  Where do I go once I get beyond a GRE tunnel?

@ikalmar Thanks.
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35189617

Did you tried it?

Author Comment

ID: 35195872

Yes... I followed the setup in the first link you sent.  The link is up.  That is further than I was able to get before.  Howerver, I am not able to ping anything on the opposite network.

Any suggestions?

Expert Comment

ID: 35206258

You can run a # debug icmp
on both sides to see if there is only one way connectivity.

As to the GRE, once you have GRE you can wrap it in ipsec, but it seems as if you are close.
Maybe paste your current config.

Author Closing Comment

ID: 35220514
Did not exactly address the problem.  But I was able to at least test my routers to verify I could connect.

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Command "logging persistent size .... " 6 24
EIGRP Summary 2 31
Not able to route between subnets 8 30
stacking Catalyst 3650 11 9
Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now