VPN cisco router

Posted on 2013-11-20
Last Modified: 2013-11-23
Please can anyone give me some direction over replacing a juniper router with a cisco 2901.
I am having issues with a cloud partner router and want to bypass this with a cisco.

I need some advise on how to set up ipsec tunnel to the provider and static routes to point there for hosts desktops.  also will this affect NATing of protocols for my voice and data ?

the vpn detail are :

VPN Details
VPN Name
Hosted End-Point IP
On-premise End-Point IP Address
On-Premise Network
On-Premise Subnet Mask
Pre-Shared Key
IKE Phase 1
Pre-Share Diffie-Hellman Group 2
86400s (1 day)
IKE Phase 2
3600s (1 hour)

any help would be muchly appreciated. Thank you for your time
Question by:Maphew
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 28

Expert Comment

ID: 39669638
Well, that's all the info you need to configure the VPN, so you should be good.  Are you looking for the exact commands to enter?

Author Comment

ID: 39669662
Hello and thank you for repsonding

yes and also knowing where to create this .....

is it on the sub interface of the data vlan as its for users to connect to a hosted desktop provider and do not need the voice vlan to utilise this route etc

i hope i make sense , its just the  leasedline supplier will not give us a wires only service and we are having issues with their router esp for voip....  sorry for going on
LVL 28

Expert Comment

ID: 39669837
You apply the crypto map to the outside interface.
LVL 28

Accepted Solution

asavener earned 500 total points
ID: 39669883
Looks like you still need the off-premises network information.

crypto isakmp policy 10
encryption aes 256
hash sha1
authentication pre-share
group 2
lifetime 86400

crypto isakmp policy 20
encryption aes 128
hash sha1
authentication pre-share
group 2
lifetime 86400

crypto isakmp policy 30
encryption 3des
hash sha1
authentication pre-share
group 2
lifetime 86400

crypto isakmp key f08fF*KT*ZlD address

ip access-list extended Tunnel1
permit ip <destination subnet> <destination wildcard mask>

crypto ipsec transform-set aes256 esp-aes-256 esp-sha-hmac
crypto ipsec transform-set aes128 esp-aes-128 esp-sha-hmac
crypto ipsec transform-set 3des esp-3des esp-sha-hmac

crypto map Tunnels 10 ipsec-isakmp
set peer
set transform-set aes256 aes128 3des
match address Tunnel1

interface <outside interface>
crypto map Tunnels

Author Closing Comment

ID: 39671236
Thank you very much for your time and support

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question