Configuring VPN on Cisco 1921/K9 routers

Posted on 2011-03-12
Last Modified: 2012-06-27
Is there a good guide for configuring site to site vpn using Cisco 1921 routers?  I am trying to connect my two fire houses via commercial broadband services and have had no success.

Additionally, there is a requirement for a few remote login sessions.  I intend to use Cisco's VPN client to do that.

Once that is configured, I need to configure the firewall to include web filtering.

IOS version is 15.0(1)M3.

I am comfortable with the CLI and the CCP GUI.

Question by:ITFireman
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
LVL 34

Accepted Solution

Istvan Kalmar earned 500 total points
ID: 35117677

Expert Comment

ID: 35120867
Do you have fixed IP's at both ends ?
Can you ping the one router from the other ?

Author Comment

ID: 35121335
@diepes.  Yes I have fixed IPs at both ends and the routers can ping each other.
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.


Expert Comment

ID: 35123160
@ITFireman: I would suggest to start with a GRE tunnel.  No encryption, but easy to setup.

interface Tunnel0
 ip address  !!<Use 1 on one side, and 2 on the other e.g.
tunnel source Ethernet0/0        !!<Own external interface
 tunnel destination  !!<Otherside external ip.

 tunnel key 123


Author Comment

ID: 35123639
@diepes Ok...  But I do require encryption since I am dealing with company and patient information.  Where do I go once I get beyond a GRE tunnel?

@ikalmar Thanks.
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 35189617

Did you tried it?

Author Comment

ID: 35195872

Yes... I followed the setup in the first link you sent.  The link is up.  That is further than I was able to get before.  Howerver, I am not able to ping anything on the opposite network.

Any suggestions?

Expert Comment

ID: 35206258

You can run a # debug icmp
on both sides to see if there is only one way connectivity.

As to the GRE, once you have GRE you can wrap it in ipsec, but it seems as if you are close.
Maybe paste your current config.

Author Closing Comment

ID: 35220514
Did not exactly address the problem.  But I was able to at least test my routers to verify I could connect.

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question