Cisco VPN

Hi All,
I am updating a VPN diagram, and it was missing the external addresses for the VPN sites. The site connects to 5 different VPN sites. I did a show run, and I just wanted to confirm that I am reading the correct external VPN link site IPs.
So 172.16.100.1 will be the external IP address for the main VPN site, and all the rest of the sites which are listed as crypto isakmp will be the external VPN gateways for this main site?

ip route 10.251.1.244 255.255.255.255 FastEthernet0/0/0
ip route 10.252.1.232 255.255.255.248 FastEthernet0/0/0
ip route 10.252.3.40 255.255.255.248 FastEthernet0/0/0
ip route 172.16.100.0 255.255.255.0 172.16.102.1



crypto isakmp policy 10
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key elamotorsvpnsite1 address 172.16.100.1
crypto isakmp key elamotorsvpnsite2 address 172.16.100.2
crypto isakmp key elamotorsvpnsite3 address 172.16.100.3
crypto isakmp key elamotorsvpnsite4 address 172.16.100.4
crypto isakmp key elamotorsvpnsite5 address 172.16.100.5
crypto isakmp key elamotorsvpnsite6 address 172.16.100.6
crypto isakmp key elamotorsvpnsite7 address 172.16.100.7
crypto isakmp key elamotorsvpnsite8 address 172.16.100.8

crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30 10 periodic
!
!
crypto ipsec transform-set ESP-DES-HMAC esp-des esp-sha-hmac
Leo Asked:
 
asavener Commented:
Look for the peer addresses.  That will tell you the IP address(es) of the remote VPN peer(s).

It is possible to have pre-shared keys entered for peers to which you do not connect, so I would not consider that a definitive list.
 
Leo (Author) Commented:
So the peer addresses will be addressed as what in the config? Or do I have to connect to each site to know the outside interface for the VPN IP address?
I have the IP addresses of these tunnels, but they are for inside interfaces.
My aim is that when the VPN link goes down at these sites, the IT tech at these sites can ping those IP addresses to know the VPN is down, instead of trying to diagnose other issues which are not required.
 
Leo (Author) Commented:
interface Tunnel46
 description Static Virtual Tunnel Interface (SVTI) to Site3
 bandwidth 512
 ip address 10.20.250.10 255.255.255.252
 ip hello-interval eigrp 99 60
 ip hold-time eigrp 99 180
 ip flow ingress
 ip summary-address eigrp 99 10.0.0.0 255.0.0.0
 ip tcp adjust-mss 1400
 load-interval 30
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 172.16.100.3
 tunnel protection ipsec profile vpn-vti
 service-policy output SHAPE-512K

Would this confirm that the VPN IP address for site 3 is 172.16.100.3? Same as what I listed above.
 
asavener Commented:
tunnel destination 172.16.100.3
Yup.
 
Leo (Author) Commented:
OK, for some of the sites the tunnel destination starts from the 10.x range. How's that possible?
 
JustInCase Commented:
The same way as 172.16.x.x range :)
Also private address space :)
 
asavener Commented:
As long as you can route to the address, it should work.

That's why I said to look at the actual tunnel, though, rather than the pre-shared keys.
0