Vpn site to site tunnel

Posted on 2012-08-15
Last Modified: 2012-08-25
Hello gentlemen!

My customer has VPN connection from the main office (ASA 5505) to a remote site (Cisco 1811)
completing the tunnel.  Because of recent problems with the 1811, the customer is requesting
a replacement router\device if the current 18 11 fails again.  They would like keep this NEW
router\ device on site as a backup for now.  Their current requirements do not need VOIP,
wireless functions or DHCP...but may need them in the future.

We would prefer a replacement device that could basically use the same configs the current
router (1811) is using...beacuse none of us have ever configured a vpn tunnel before!

This would not be a problem if we could purchase another 1811... but they are phased out.
I am being told that the Cisco 1921 would be a suitable replacement.   I just need something  not  to difficult to upgrade to.

Cost for the new device is not an issue.

Thanks in advance!

Question by:Rayneedssomehelp
    LVL 28

    Expert Comment

    1921 should be a suitable replacement, and if you put the same version of the IOS on the new router you should just be able to replicate the 1811's configuration.  Even a newer version of the IOS should be backwards compatible with the VPN configuration.

    Some things you can't just paste in, such as the passwords, and some things you will need to change, such as the access list 23 that limits remote access and the shutdown commands on the interfaces.
    LVL 28

    Expert Comment

    Check that you have the correct license, though.  You will need the crypto abilities, so you need the SEC (security) license.

    Author Comment

    Should I go for the Ciso 1921 Sec model or the one without it?


    LVL 28

    Accepted Solution

    For VPN, you need the SEC model.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
    Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now