
Building a simple Cisco 837 VPN infrastructure

Status
Not open for further replies.

outonalimb

We currently have 3 sites, each with a new ADSL connection (with static IP address). At the moment we are connecting each site together using 3Com ISDN routers and are looking to move toward an ADSL VPN infrastructure to save money!

We currently have 3 Cisco 837s on the shelf which I'm hoping can be used to create the VPN connection between each site using ADSL.

The question is, how do I do it?! Do I need to set up Easy VPN on each device? Do I need to use the IOS?

If anyone can be of any assistance then it would really be appreciated.
 
Hello....


Take a look at the following config. IP addresses would need to be changed to your network addresses. Crypto keys for each VPN must be the same at each end. To add additional connections, create an additional crypto policy, crypto key, transform set, crypto map, and associated access-list. The next set would be 2, then 3 and so on. Each crypto map should have its own access-list to the remote network. Keep in mind to add all networks to access-list 102 to prevent natting to remote LAN segments.

Hope it helps


service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname router_2611
!
logging queue-limit 100
enable password 7 ##############################
!
memory-size iomem 15
ip subnet-zero
!
no ip domain lookup
!
! IKE (phase 1) policy
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
!
! Pre-shared key for the remote peer; must be the same at each end
crypto isakmp key site1 address 64.12.22.81
!
!
! IPsec (phase 2) transform set
crypto ipsec transform-set cm-transformset-1 esp-3des esp-md5-hmac
!
! Crypto map entry 1: tunnel to the remote site, traffic selected by access-list 100
crypto map cm-cryptomap local-address Ethernet0/1
crypto map cm-cryptomap 1 ipsec-isakmp
 set peer 64.12.22.81
 set transform-set cm-transformset-1
 set pfs group1
 match address 100
!
interface Ethernet0/0
 description connected to LAN
 ip address 172.16.10.2 255.255.255.0
 ip nat inside
 no keepalive
!
! ADSL interface
interface Ethernet0/1
 description connected to Internet
 ip address 65.12.22.49 255.255.255.252
 ip nat outside
 crypto map cm-cryptomap
!
ip nat inside source list 102 interface Ethernet0/1 overload
no ip http server
no ip http secure-server
ip classless
! Default route to next hop router
ip route 0.0.0.0 0.0.0.0 65.12.22.50
!
! Secure access to VTY port
access-list 12 permit 172.16.10.0 0.0.0.255
! 172.18.10.0 is remote LAN segment
access-list 100 permit ip 172.16.10.0 0.0.0.255 172.18.10.0 0.0.0.255
! Deny natting from LAN to LAN
access-list 102 deny ip 172.16.10.0 0.0.0.255 172.18.10.0 0.0.0.255
! Allow any traffic to Internet and NAT it
access-list 102 permit ip 172.16.10.0 0.0.0.255 any
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 access-class 12 in
 password 7 ###################
 login
!
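
The NAT-exemption rule from the reply above (every flow selected by a crypto map access-list needs a deny in the NAT access-list ahead of the permit that would translate it), written as an offline check over a saved config. This is an added example, not code from the thread: the second site (172.19.10.0/24, access-list 101) is constructed, `net` and `nat_leaks` are hypothetical names, and it assumes extended `ip` ACL entries with contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample: the ACLs from the post plus a hypothetical second site
# (172.19.10.0/24, crypto map entry 2, access-list 101) with no NAT exemption.
SAMPLE = """\
crypto map cm-cryptomap 1 ipsec-isakmp
 match address 100
crypto map cm-cryptomap 2 ipsec-isakmp
 match address 101
ip nat inside source list 102 interface Ethernet0/1 overload
access-list 100 permit ip 172.16.10.0 0.0.0.255 172.18.10.0 0.0.0.255
access-list 101 permit ip 172.16.10.0 0.0.0.255 172.19.10.0 0.0.0.255
access-list 102 deny ip 172.16.10.0 0.0.0.255 172.18.10.0 0.0.0.255
access-list 102 permit ip 172.16.10.0 0.0.0.255 any
"""
ACE = re.compile(r"^access-list (\d+) (permit|deny) ip (any|\S+ \S+) (any|\S+ \S+)\s*$", re.M)

def net(spec):
    """Convert 'any', 'host A' or 'A wildcard' to an ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wild = spec.split()
    if addr == "host":
        addr, wild = wild, "0.0.0.0"
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def nat_leaks(config):
    """VPN flows whose first fully covering NAT ACL entry is a permit, so they get NATed."""
    crypto = sorted(set(re.findall(r"^\s*match address (\d+)\s*$", config, re.M)))
    nat = sorted(set(re.findall(r"^ip nat inside source list (\d+) ", config, re.M)))
    acls = {}
    for num, action, src, dst in ACE.findall(config):
        acls.setdefault(num, []).append((action, net(src), net(dst)))
    leaks = []
    for cid in crypto:
        for action, src, dst in acls.get(cid, []):
            if action != "permit":
                continue
            for nid in nat:  # ACL entries are evaluated top-down; the first hit decides
                hit = next((a for a, s, d in acls.get(nid, [])
                            if src.subnet_of(s) and dst.subnet_of(d)), None)
                if hit == "permit":
                    leaks.append((cid, str(src), str(dst), nid))
    return leaks

if __name__ == "__main__":
    print(nat_leaks(SAMPLE))
```

Each tuple returned is (crypto ACL, source, destination, NAT ACL); an empty list means every tunnel flow is exempted from NAT.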

 