Hazem Badr asked:

Cisco 887VA and Cisco RV042

Dear Experts

Can anyone please confirm that we can configure a Cisco 887VA with a Cisco RV042 for site-to-site VPN?

I use the Cisco RV042 with Juniper Netscreen and other RVxx series routers so site to site works.

Set up Site to Site in the RV042 in the VPN tab by selecting Site to Site setup (not Client to Gateway).
Provide a tunnel number and name.
Local Gateway type IP Only
Local external IP
Local Security group Subnet
IP Address
Subnet mask
Remote Gateway type IP Only
Remote external IP
Remote Security Group Subnet
IP Address
Subnet Mask
IP SETUP
Keying Type: IKE Pre Share
Phase 1 DH Group 2
Phase 1 3DES or higher (preferably higher)
Phase 1 Authentication SHA1
PFS: No
Phase 2 same as phase 1
Pre share key - provide one
Advanced+
Use main mode, not aggressive
Keep alive ON
Dead Peer Detect 10 seconds
NAT Traversal: May need to be on or off.

Now set up IPsec in the other router the same way and it should work.

Benjamin Van Ditmars
The configuration will look like this on the 887VA:

crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
 group 2

crypto isakmp key {preshared key} address {ip address remote device}

crypto ipsec transform-set Site2site esp-3des esp-sha-hmac

crypto map Site2site-map 10 ipsec-isakmp
 description Site2Site
 set peer {ip address remote device}
 set security-association lifetime seconds 28800
 set transform-set Site2site
 match address TRAFFIC-TO-VPN

! Apply the crypto map to the outside interface (or the dialer bound to it)
interface {outside interface}
 crypto map Site2site-map
!

ip nat inside source route-map ALLOW-NAT interface {outside interface} overload

! Exempt site-to-site traffic from NAT, translate everything else
ip access-list extended NAT-POOL
 deny   ip {local subnet} 0.0.0.255 {remote subnet} 0.0.0.255
 permit ip {local subnet} 0.0.0.255 any

! Traffic to be encrypted by the crypto map
ip access-list extended TRAFFIC-TO-VPN
 permit ip {local subnet} 0.0.0.255 {remote subnet} 0.0.0.255
!
dialer-list 1 protocol ip permit
!
route-map ALLOW-NAT permit 10
 match ip address NAT-POOL
!
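
The relationship between NAT-POOL and TRAFFIC-TO-VPN in the 887VA configuration above, as an added example that is not part of the original answers: a Python check that every flow permitted by the crypto ACL hits a deny in the NAT ACL first, because IOS applies inside-to-outside NAT before the crypto map and a translated packet no longer matches TRAFFIC-TO-VPN. The subnets, the Dialer0 interface name and the function names are assumptions; entries are compared as exact strings, not by subnet containment.

```python
import re

# Constructed sample: the NAT and ACL part of the 887VA config with the
# placeholders filled in (192.168.1.0/24 local, 192.168.2.0/24 remote).
SAMPLE_CONFIG = """\
ip nat inside source route-map ALLOW-NAT interface Dialer0 overload
ip access-list extended NAT-POOL
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended TRAFFIC-TO-VPN
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
route-map ALLOW-NAT permit 10
 match ip address NAT-POOL
"""

# One "permit|deny ip <src> <dst>" entry; src/dst are "addr wildcard" or "any".
ENTRY = re.compile(r"\s+(permit|deny)\s+ip\s+(\S+ \S+|any)\s+(\S+ \S+|any)\s*$")

def parse_acls(config):
    """Return {acl_name: [(action, source, destination), ...]} for extended ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        header = re.match(r"ip access-list extended (\S+)", line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif current is not None and line.startswith(" "):
            entry = ENTRY.match(line)
            if entry:
                current.append(entry.groups())
        else:
            current = None  # any other top-level command ends the ACL block
    return acls

def nat_leaks(config, crypto_acl="TRAFFIC-TO-VPN", nat_acl="NAT-POOL"):
    """List crypto-ACL flows that the NAT ACL would translate before IPsec sees them."""
    acls = parse_acls(config)
    leaks = []
    for action, src, dst in acls.get(crypto_acl, []):
        if action != "permit":
            continue
        # First-match semantics: only the first NAT entry covering the flow counts.
        for nat_action, nat_src, nat_dst in acls.get(nat_acl, []):
            if nat_src in (src, "any") and nat_dst in (dst, "any"):
                if nat_action == "permit":
                    leaks.append((src, dst))
                break
    return leaks

if __name__ == "__main__":
    print(nat_leaks(SAMPLE_CONFIG) or "NAT exemption covers all VPN traffic")
```

An empty result means the deny entry is in place and ordered ahead of the permit; a non-empty result lists the flows that would be translated and so bypass the tunnel.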