Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do I setup SECURE VPN with remote routers

Status
Not open for further replies.
Ankton

Ankton

Technical User
Jul 1, 2002
26
AU
Can anyone help please, I have to setup vpn links over three remote sites.

Server is win 2k small business server
routers cisco 827's, have been upgraded to take IP SEC
current internet access is ADSL

Any help would be appreciated.[thumbsup2]
 
Sort by date Sort by votes
I am trying to the same thing except with 2 routers, both 827's. I have got static IP's on both ends of the ADSL connection. I havn't been able to try this yet, but will be doing so in a few weeks, but below are my findings so far. Anyone agree / disagree then please let me know.

1st to configure the encryption.
Router1(config)#crypto isakmp policy 1
Router1(config-isakmp)#encryption 3des
Router1(config-isakmp)#hash sha
Router1(config-isakmp)#authentication pre-share
Router1(config-isakmp)#group 1
Router1(config-isakmp)#lifetime 14400
2nd Configure keying method
Router1(config)#crypto isakmp identity address
Router1(config)#crypto isakmp key secretkey address 200.1.1.1

So the pre-shared key is 'secretkey' and the ip of the address of the other router is 200.1.1.1

You then use access-lists to set up an encryption policy between the routers.
Next you need to define a transform list
Router1(config)#crypto ipsec transform-set tset1 esp-des ah-sha-hmac esp-md5-hmac
Router1(cfg-crypto-trans)#mode tunnel

Next we need to create a crypto map
Router1(config)#crypto map cmap1 local-address atm 0
Router1(config)#crypto map cmap1 ipsec-isakmp
Router1(config-crypto-map)#match address 111 --this relates to the access list.
Router1(config-crypto-map)#set peer 200.1.1.1
Router1(config-crypto-map)#set transform-set tset1

Just to add the crypto-map to the interface
Router1(config)#int atm 0
Router1(config-if)#crypto map cmap1

Just make sure that the proper routes are added to get the data down the tunnel.

Hope this helps, any errors, sugestions etc then let me know as i have to implement this in a week or so.
 
Upvote 0 Downvote
Thanks alanlawrence thats great however I forgot to mention that I will have dynamic ips on the remote sites.
 
Upvote 0 Downvote
Ankton, so how are you going to know the ip at the other end to establish the connection? Using some form of dynamic dns might be the answer, as long as you have a resolvable address things will be ok.
To do this, instead of using 'address w.x.y.z' in the above config you use 'hostname something.yi.org' or whatever dynamic dns system you set up.
I havn't tried any of this yet, but at least it's pointing you in the right direction.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CPM86
  • Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
362
CPM86
CPM86
jobsp90
  • Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
266
DavetheChef
DavetheChef
WinstonCH
  • Locked
  • Helpful tip
What is wrong with the diagram, there are people who will help to fix it? How do i do the configurat 1
Replies
1
Views
690
BIS
BIS
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
576
madwok
madwok
quazimotto
  • Locked
  • Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
251
quazimotto
quazimotto

Part and Inventory Search

Sponsor

Back
Top