
Need step-by-step guidance on creating a VPN

Status
Not open for further replies.

outonalimb (Technical User; joined Oct 7, 2003; 454 messages; location GB)
I'm completely new to VPN. I know the basics of TCP/IP and routing but I need some serious help with the configuration of two Cisco 837 routers.

The scenario is that my boss has a home security system which is IP based and wants to connect it to our corporate network. The question is how do I do it?

I have two Cisco 837 ADSL routers which both have an assigned IP address given to us by our ISP. At present, these are both connected to the internet - I set them up using the CRWS. I have done nothing in the IOS.

I now need to create a secure VPN connection between the two networks so my boss can view his cameras.

My boss's home LAN: 192.168.1.x
Router Private IP: 192.168.1.1
Router Public IP: 82.22.22.1

Corporate LAN: 192.100.100.x
Router Private IP: 192.100.100.1
Router Public IP: 83.22.22.1

Can someone please help as I am very confused?


 
Hello....might look something like the following:

Corporate Router :

service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname router_2611
!
logging queue-limit 100
enable password 7 ##############################
!
memory-size iomem 15
ip subnet-zero
!
no ip domain lookup
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
crypto isakmp key bossesspycam address 82.22.22.1
!
!
crypto ipsec transform-set cm-transformset-1 esp-3des esp-md5-hmac
!
crypto map cm-cryptomap local-address Ethernet0/1
crypto map cm-cryptomap 1 ipsec-isakmp
set peer 82.22.22.1
set transform-set cm-transformset-1
set pfs group1
match address 100
!
interface Ethernet0/0
description connected to LAN
ip address 192.100.100.1 255.255.255.0
ip nat inside
no keepalive
!
interface Ethernet0/1
description connected to Internet
ip address 83.22.22.1 255.255.255.252
ip nat outside
crypto map cm-cryptomap
!
ip nat inside source list 102 interface Ethernet0/1 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 83.22.22.2
!
! XXX = boss's work computer (allows access only from his PC)
access-list 100 permit ip 192.100.100.XXX 0.0.0.0 192.168.1.0 0.0.0.255
! Deny NATting from LAN to LAN
access-list 102 deny ip 192.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
! Allow any other traffic to the Internet and NAT it
access-list 102 permit ip 192.100.100.0 0.0.0.255 any
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!


Boss's home router:


service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname router_2611
!
logging queue-limit 100
enable password 7 ##############################
!
memory-size iomem 15
ip subnet-zero
!
no ip domain lookup
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
!
crypto isakmp key bossesspycam address 83.22.22.1
!
!
crypto ipsec transform-set cm-transformset-1 esp-3des esp-md5-hmac
!
crypto map cm-cryptomap local-address Ethernet0/1
crypto map cm-cryptomap 1 ipsec-isakmp
set peer 83.22.22.1
set transform-set cm-transformset-1
set pfs group1
match address 100
!
interface Ethernet0/0
description connected to LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
no keepalive
!
interface Ethernet0/1
description connected to Internet
ip address 82.22.22.1 255.255.255.252
ip nat outside
crypto map cm-cryptomap
!
ip nat inside source list 102 interface Ethernet0/1 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 82.22.22.2
!
! Allows the boss full access to the corporate LAN from home
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.100.100.0 0.0.0.255
! Deny NATting from LAN to LAN
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.100.100.0 0.0.0.255
! Allow any other traffic to the Internet and NAT it
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!

This was a configuration from two dual-Ethernet routers, but you should be able to modify it to work with your routers.
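Two things go wrong most often with a config like the one above: the two crypto ACLs (list 100 on each side) are not exact mirror images, so IOS rejects the proxy identities during Phase 2, and the NAT-exemption deny (the first line of list 102) is missing or too narrow, so the overload NAT rewrites the source address before the packet is compared with the crypto ACL and it goes out untunnelled. The script below is an added example, not part of the thread, that parses the access-list lines from both routers and checks those two properties. It assumes the corporate host octet "XXX" is 50 (a constructed placeholder) and that the home crypto ACL uses the 0.0.0.255 wildcard on 192.168.1.0; run against the posted lists it reports the mirror mismatch between "boss's PC only" on the corporate side and "whole LAN" on the home side, and a second home variant shows what a forgotten NAT deny looks like. (The 3DES/MD5/group1 choices in the post are dated; this check only looks at the ACL logic.)

```python
"""Lint a pair of Cisco IOS site-to-site IPsec configs for mirror-image crypto
ACLs and for LAN-to-LAN traffic that escapes the NAT exemption (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AclEntry:
    number: str
    action: str                    # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _wildcard_to_prefix(wildcard: str) -> int:
    """Convert an IOS wildcard mask (inverted netmask) to a prefix length."""
    w = int(ipaddress.IPv4Address(wildcard))
    bits = w.bit_length()
    if w != (1 << bits) - 1:       # non-contiguous wildcard: not a single subnet
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return 32 - bits


def _parse_addr(tokens, i):
    """Parse one address spec ('any', 'host A' or 'A WILDCARD') at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    prefix = _wildcard_to_prefix(tokens[i + 1])
    return ipaddress.ip_network(f"{tokens[i]}/{prefix}", strict=False), i + 2


def parse_acls(config: str):
    """Return the 'access-list N permit|deny ip SRC DST' entries, in order.
    '!' comment lines and standard (one-address) ACLs are skipped."""
    entries = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[3] != "ip":
            continue
        src, i = _parse_addr(t, 4)
        dst, _ = _parse_addr(t, i)
        entries.append(AclEntry(t[1], t[2], src, dst))
    return entries


def crypto_mirror_check(local_cfg, peer_cfg, acl="100"):
    """Crypto ACLs must be exact mirror images of each other.
    Returns (flows only on local, flows only on peer), both as (src, dst) lists."""
    local = {(e.src, e.dst) for e in parse_acls(local_cfg)
             if e.number == acl and e.action == "permit"}
    peer_mirrored = {(e.dst, e.src) for e in parse_acls(peer_cfg)
                     if e.number == acl and e.action == "permit"}
    return sorted(local - peer_mirrored), sorted(peer_mirrored - local)


def nat_leak_check(cfg, crypto_acl="100", nat_acl="102"):
    """Every crypto-ACL flow must hit a covering 'deny' in the NAT ACL before
    any overlapping 'permit' (first match wins, as on the router). A flow that
    matches nothing falls to the implicit deny and is not translated, so it is
    fine. Returns the flows that would be NATted instead of tunnelled."""
    entries = parse_acls(cfg)
    nat = [e for e in entries if e.number == nat_acl]
    problems = []
    for flow in (e for e in entries if e.number == crypto_acl and e.action == "permit"):
        for e in nat:
            if flow.src.overlaps(e.src) and flow.dst.overlaps(e.dst):
                covered = flow.src.subnet_of(e.src) and flow.dst.subnet_of(e.dst)
                if not (e.action == "deny" and covered):
                    problems.append((flow.src, flow.dst,
                                     f"first match on list {nat_acl} is '{e.action}'"))
                break
    return problems


# Constructed inputs: the access-list lines from the thread, with 50 standing
# in for the XXX host octet on the corporate side.
CORP_CFG = """
access-list 100 permit ip 192.100.100.50 0.0.0.0 192.168.1.0 0.0.0.255
access-list 102 deny ip 192.100.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.100.100.0 0.0.0.255 any
"""
HOME_CFG = """
! home side as posted: /24 to /24, which does not mirror the corporate list
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.100.100.0 0.0.0.255
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.100.100.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
"""
HOME_CFG_MIRRORED = """
! home side rewritten so list 100 mirrors the corporate "boss's PC only" entry
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.100.100.50 0.0.0.0
access-list 102 deny ip 192.168.1.0 0.0.0.255 192.100.100.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
"""
HOME_CFG_NO_EXEMPT = """
! home side with the NAT deny forgotten: tunnel traffic gets overloaded
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.100.100.50 0.0.0.0
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
"""

if __name__ == "__main__":
    for name, home in (("as posted", HOME_CFG), ("mirrored", HOME_CFG_MIRRORED)):
        local_only, peer_only = crypto_mirror_check(CORP_CFG, home)
        print(f"[{name}] crypto ACL only on corp: {local_only}; only on home: {peer_only}")
    for name, cfg in (("corp", CORP_CFG), ("home no-exempt", HOME_CFG_NO_EXEMPT)):
        print(f"[{name}] NAT leaks: {nat_leak_check(cfg)}")
```

The mirror check is deliberately strict (set equality after swapping source and destination) because that is what the router enforces; if you want the whole home LAN reachable from the whole corporate LAN, widen both lists together, and keep the list 102 deny at least as wide as the list 100 permit on the same router.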
 
You can also program in a telnet connection to his router from the corp router for remote configuration.

Boss's router

! Any device on the boss's LAN
access-list 12 permit 192.168.1.0 0.0.0.255
! Only telnet access from the corporate router
access-list 12 permit 192.100.100.1 0.0.0.0
line vty 0 4
access-class 12 in
password 7 xxxxxxxxxxxxxxx
login
 