Solved

how to setup site to site vpn

Posted on 2014-04-16
Last Modified: 2014-04-27
Both offices A and B have SHDSL, office A uses a Cisco router 1900, while B has a Cisco ASA 5500 Firewall and a 1900 router.

How to config them to have a site to site vpn, so that PCs in both sites can communicate with each other? Thanks
Question by:tonitoni99
3 Comments
 
LVL 10

Expert Comment

by:Scott Thomson
ID: 40003325
Hi tonitoni99

This is a common question, and unfortunately I am not good enough with Cisco to help you. What I could suggest is you search through EE, because I see this question posted 2 - 3 times a day, so there is most likely a great guide for you that has been in a previous question. Of course other experts will comment in time, but in the meantime I would suggest you do some searching :) You might manage to find the answer you need before an expert can specifically explain the config of your exact setup.

Thanks
0
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 40003876
What version of the IOS are you running?

There are a few basic pieces of information you need in order to get this working.

1. What two devices are going to constitute the endpoints of the VPN?

2. What traffic needs to go over the VPN?  You need to define the traffic flows in access lists on each end, and the access lists must be complementary.
Example:
site A:
  ip access-list extended VPN-to-B
   permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
site B:
  ip access-list extended VPN-to-A
   permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255

3. What are the peer IP addresses?  (The outside addresses of the VPN endpoints.)

4. Define the IKE policies.  (Allowed hashing and encryption method for Phase 1)

5. Define the transform set.  (Allowed hashing and encryption for the VPN itself)

6.  Define pre-shared keys.  (Make sure it's nice and long.)

7.  Define the crypto map.  (Includes peer address, access list AKA "interesting traffic", transform set, and optional description)

8.  Assign the crypto map to an interface.

9.  Make sure all the required traffic is allowed through access lists and/or firewalls.  (Required traffic is UDP/500 and either ESP protocol or UDP/4500, depending on whether you're traversing a NAT device)


As long as you have the required info, it's pretty straightforward.  One thing to keep in mind is that it is NOT forgiving of typos, or mis-matched settings.  It will just fail.


http://www.cisco.com/c/en/us/support/docs/cloud-systems-management/configuration-professional/113337-ccp-vpn-routerA-routerB-config-00.html

http://www.cisco.com/c/en/us/support/docs/cloud-systems-management/configuration-professional/112153-ccp-vpn-asa-router-config-00.html
0
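
Steps 2 through 9 of the accepted answer, written out as a matching pair of IOS configurations. This is an added example, not part of the original thread or of Cisco's linked documents. It assumes both endpoints are IOS routers using IKEv1 crypto maps (an ASA endpoint at office B uses different syntax); the peer addresses 203.0.113.1 and 198.51.100.1, the interface name, the names VPN-MAP, TS-AES256-SHA and OUTSIDE-IN, the algorithm choices and the key placeholder are all assumptions.

```cisco
! ===== Site A router (assumed outside 203.0.113.1, LAN 192.168.0.0/24) =====
! Step 2: interesting traffic, A's LAN to B's LAN
ip access-list extended VPN-to-B
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
! Step 4: IKE (Phase 1) policy; every value must be identical on site B
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Steps 3 and 6: pre-shared key bound to the peer's outside address
crypto isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 198.51.100.1
! Step 5: transform set (Phase 2); must also match site B
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac
! Step 7: crypto map ties peer, transform set and access list together
crypto map VPN-MAP 10 ipsec-isakmp
 description Site-to-site tunnel to office B
 set peer 198.51.100.1
 set transform-set TS-AES256-SHA
 match address VPN-to-B
! Step 8: apply the crypto map to the outside interface (assumed name)
interface GigabitEthernet0/0
 crypto map VPN-MAP
! Step 9: entries for the inbound ACL on the outside interface (assumed name)
ip access-list extended OUTSIDE-IN
 permit udp host 198.51.100.1 host 203.0.113.1 eq isakmp
 permit esp host 198.51.100.1 host 203.0.113.1
 permit udp host 198.51.100.1 host 203.0.113.1 eq non500-isakmp
! ===== Site B router (assumed outside 198.51.100.1, LAN 192.168.1.0/24) =====
ip access-list extended VPN-to-A
 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 203.0.113.1
crypto ipsec transform-set TS-AES256-SHA esp-aes 256 esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 description Site-to-site tunnel to office A
 set peer 203.0.113.1
 set transform-set TS-AES256-SHA
 match address VPN-to-A
interface GigabitEthernet0/0
 crypto map VPN-MAP
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.1 host 198.51.100.1 eq isakmp
 permit esp host 203.0.113.1 host 198.51.100.1
 permit udp host 203.0.113.1 host 198.51.100.1 eq non500-isakmp
```

Only the access list direction, the peer address and the key's `address` differ between the two halves; the policy, transform set and key string are the settings that have to match exactly.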
 
LVL 57

Expert Comment

by:Pete Long
ID: 40005254
0
