i have a router which is creating a VPN tunnel back to a cisco 3000 concentrator. i am looking to lock down the router as best possible so anything not coming from the peer is dropped. i also want to make it so that i can access the router from one public IP address if for some reason i want...
look at my following router config. the router creates a tunnel back to our datacenter. all traffic goes through the tunnel, including web based traffic. i have a question regarding the NATing. is ACL 101 correct if i need to NAT my local network on the router to my remote site...
quadratic, you were right. i had to put 0.0.0.0/255.255.255.255 in the config on the concentrator on the far side as the local network in order for tunnel to come back up and for all traffic to go through tunnel.
thanks for everyone's help.
when i replace acl 100 with ip any any the tunnel drops. i have made no other changes, just that one. here is the logging output. only error i think i see is "peer does not do paranoid keepalives" not sure what that is
*Mar 8 21:15:28.615: ISAKMP:(0:8:HW:2): vendor ID seems Unity/DPD...
thanks netrx, but when i modified to what you said the tunnel drops. i might have the concentrator on the opposite side set up improperly.
there are two network lists on the 3000 in the LAN to LAN connection:
local network - has network list 10.31.0.0/0.0.255.255
remote network - has network...
I am trying to send all traffic through the IPSEC VPN tunnel. This router connects to a cisco 3000 back at our datacenter. I want internet traffic to go through the tunnel and out the datacenter side.
Right now all 10.x.x.x networks go through the tunnel, but when I try to go to a website...
VinceWhirlwind,
I have a question. If I use the option to add an "IP address secondary" to the existing LAN interface as such
1st 167.233.100.1 /24
2nd 192.168.1.1/24
and then I connect that interface into a layer 2 switch, should I be able to ping both gateways as long as I configured the...
no but i do understand what you are saying. at that point i could create vlans on that router and then they are directly connected. i guess my whole point of this thread was to get the answer on if those networks had to be directly connected.
thanks for your help.
they are two separate physical routers. so router A 192.168.10.1 / 24 would be plugged into the same layer 2 switch as router B 167.233.100.1 /24. so i am guessing they are not directly connected? so then i need another router with one interface on the 192 side and the other on the 167 side?
this is just temporary so no routing protocol needed at this time. but can i do a route on the 192 router as such 167.233.100.0 /24 for next hop to 167.233.100.1? or does the route on the 192 router have to route to another 192 router that is directly connected to the 167 network configured on...
I am looking to merge two networks (on the same LAN) and have a question.
Network A router is 192.168.100.1
Network B router is 167.233.100.1
If I want to be able to route clients from the 192 network to the 167 network, can I do the following:
Create static route on 192.168.1001 for...