Configuring VPN on Cisco 1921/K9 routers

Posted on 2011-03-12
Last Modified: 2012-06-27
Is there a good guide for configuring site to site vpn using Cisco 1921 routers?  I am trying to connect my two fire houses via commercial broadband services and have had no success.

Additionally, there is a requirement for a few remote login sessions.  I intend to use Cisco's VPN client to do that.

Once that is configured, I need to configure the firewall to include web filtering.

IOS version is 15.0(1)M3.

I am comfortable with the CLI and the CCP GUI.

Question by:ITFireman
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
LVL 34

Accepted Solution

Istvan Kalmar earned 500 total points
ID: 35117677

Expert Comment

ID: 35120867
Do you have fixed IP's at both ends ?
Can you ping the one router from the other ?

Author Comment

ID: 35121335
@diepes.  Yes I have fixed IPs at both ends and the routers can ping each other.
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.


Expert Comment

ID: 35123160
@ITFireman: I would suggest to start with a GRE tunnel.  No encryption, but easy to setup.

interface Tunnel0
 ip address  !!<Use 1 on one side, and 2 on the other e.g.
tunnel source Ethernet0/0        !!<Own external interface
 tunnel destination  !!<Otherside external ip.

 tunnel key 123


Author Comment

ID: 35123639
@diepes Ok...  But I do require encryption since I am dealing with company and patient information.  Where do I go once I get beyond a GRE tunnel?

@ikalmar Thanks.
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35189617

Did you tried it?

Author Comment

ID: 35195872

Yes... I followed the setup in the first link you sent.  The link is up.  That is further than I was able to get before.  Howerver, I am not able to ping anything on the opposite network.

Any suggestions?

Expert Comment

ID: 35206258

You can run a # debug icmp
on both sides to see if there is only one way connectivity.

As to the GRE, once you have GRE you can wrap it in ipsec, but it seems as if you are close.
Maybe paste your current config.

Author Closing Comment

ID: 35220514
Did not exactly address the problem.  But I was able to at least test my routers to verify I could connect.

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question