Solved

VPN cisco router

Posted on 2013-11-20
5
860 Views
Last Modified: 2013-11-23
Please can anyone give me some direction over replacing a juniper router with a cisco 2901.
I am having issues with a cloud partner router and want to bypass this with a cisco.

I need some advise on how to set up ipsec tunnel to the provider and static routes to point there for hosts desktops.  also will this affect NATing of protocols for my voice and data ?

the vpn detail are :

VPN Details
VPN Name
flexvpn
Hosted End-Point IP
109.8.32.99
On-premise End-Point IP Address
146.25.16.101
On-Premise Network
192.168.10.0
On-Premise Subnet Mask
255.255.254.0
Pre-Shared Key
f08fF*KT*ZlD
IKE Phase 1
Encryption
AES-256/AES-128/3DES
Hash
SHA-1
Authentication
Pre-Share Diffie-Hellman Group 2
Lifetime
86400s (1 day)
IKE Phase 2
Encryption
AES-256/AES-128/3DES
Hash
SHA-1
Lifetime
3600s (1 hour)
PFS
Optional


any help would be muchly appreciated. Thank you for your time
0
Comment
Question by:Maphew
  • 3
  • 2
5 Comments
 
LVL 28

Expert Comment

by:asavener
Comment Utility
Well, that's all the info you need to configure the VPN, so you should be good.  Are you looking for the exact commands to enter?
0
 

Author Comment

by:Maphew
Comment Utility
Hello and thank you for repsonding

yes and also knowing where to create this .....


is it on the sub interface of the data vlan as its for users to connect to a hosted desktop provider and do not need the voice vlan to utilise this route etc

i hope i make sense , its just the  leasedline supplier will not give us a wires only service and we are having issues with their router esp for voip....  sorry for going on
0
 
LVL 28

Expert Comment

by:asavener
Comment Utility
You apply the crypto map to the outside interface.
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
Comment Utility
Looks like you still need the off-premises network information.

crypto isakmp policy 10
encryption aes 256
hash sha1
authentication pre-share
group 2
lifetime 86400

crypto isakmp policy 20
encryption aes 128
hash sha1
authentication pre-share
group 2
lifetime 86400

crypto isakmp policy 30
encryption 3des
hash sha1
authentication pre-share
group 2
lifetime 86400

crypto isakmp key f08fF*KT*ZlD address 109.8.32.99

ip access-list extended Tunnel1
permit ip 192.168.10.0 0.0.15.255 <destination subnet> <destination wildcard mask>

crypto ipsec transform-set aes256 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set aes128 esp-aes-128 esp-sha-hmac
crypto ipsec transform-set 3des esp-3des esp-sha-hmac

crypto map Tunnels 10 ipsec-isakmp
set peer 109.8.32.99
set transform-set aes256 aes128 3des
match address Tunnel1

interface <outside interface>
crypto map Tunnels
0
 

Author Closing Comment

by:Maphew
Comment Utility
Thank you very much for your time and support
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now