f



site-to-site vpn #2

show a sample configuration, there are two routers with two ISPs
they set up a choice of providers in the fall of another, you need to
connect 2 routers tunnel,
in what way will be a choice on what sort of tunnel back to work,
please give an example of working configuration.

            R1------------- isp1--------------R2
                -------------isp2 --------------
0
1vasya1 (2)
12/20/2011 10:29:43 AM
comp.dcom.sys.cisco 25313 articles. 0 followers. Post Follow

2 Replies
599 Views

Similar Articles

[PageSpeed] 6

"Slava" <1vasya1@gmail.com> wrote in message 
news:96d9a0ec-12fe-4495-ae8f-3847ed01d3d4@n6g2000vbg.googlegroups.com...
>
> show a sample configuration, there are two routers with two ISPs
> they set up a choice of providers in the fall of another, you need to
> connect 2 routers tunnel,
> in what way will be a choice on what sort of tunnel back to work,
> please give an example of working configuration.
>
>            R1------------- isp1--------------R2
>                -------------isp2 --------------

do your own homework 

0
12/20/2011 6:10:46 PM
On 2011-12-20 03:29:43 -0700, Slava said:

> show a sample configuration, there are two routers with two ISPs
> they set up a choice of providers in the fall of another, you need to
> connect 2 routers tunnel,
> in what way will be a choice on what sort of tunnel back to work,
> please give an example of working configuration.
> 
>             R1------------- isp1--------------R2
>                 -------------isp2 --------------


Most people here would be happy to help, if you show that you are 
willing to do your part as well.

Here, allow me to help you get started:

<http://lmgtfy.com/?q=site-to-site+VPN+Cisco+router+configuration>

Good luck!

-- 
Scott Lowe
http://blog.scottlowe.org
Replace fname and lname tokens to create valid e-mail address

0
12/20/2011 9:07:02 PM
Reply:

Similar Artilces:

site-2-site VPN
Hi everybody, I was asking about the S2S VPN lately, but have a bit different question now. What are the industry standards / best practices to securely connect two company branches? I was thinking of a VPN connection, but it does not allow one to connect two identical subnets e.g. 10.11.12.0/24 with 10.11.12.0/24. Is there a way to connect two offices via VPN and reduce or eliminate the possibility of subnet overlap? Thanks, AL ALeu schrieb: > I was asking about the S2S VPN lately, but have a bit different question > now. What are the industry standards / best practices to sec...

RE: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site) #2
-----Original Message----- From: Dave Froble [mailto:davef@tsoft-inc.com]=20 Sent: Thursday, August 17, 2006 12:23 AM To: Info-VAX@Mvb.Saic.Com Subject: Re: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site) Stanley F. Quayle wrote: > On 16 Aug 2006 at 14:42, Barry.Treahy@EmersonNetworkPower.com wrote: >> You might find the costs to migrate everything from the 4000/100 models >> to replacement CHARON 4000/108 emulated systems cost effect >=20 > Another CHARON-VAX possibility [Shameless Plug Alert (tm)] is to=20 ...

Vpn site to site + vpn cisco client access list problem.
Hi I have problem to get vpn site to site tunnel and the vpn client tunnel to work at the same time. How can I join access list 80 and 100 so i can add them to nat "(inside) 0 access-list 80" I got a pix 501 and 2620 and on the pix 501 It's accessible thugh Cisco VPN client. The config on the pix 501: : Written by admin at 15:32:22.817 CEDT Mon Aug 7 2006 PIX Version 6.3(5) interface ethernet0 100full interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password g4JAhKwvQDnczMDZ encrypted passwd g4JAhKwvQDnczMDZ encrypted ...

Site to Site VPN #2 86105
Hello i need some help about configuration CISCO 1812. We have established VPN between main office A and branch office B. And now all the traffic is secured. But I need on side A to establish that clients from B can get only to one server and not all LAN. Is this possible with Cisco 1812. Thanks B I suppose you must be using some access-list on VPN configuration and you need to only allow te ip/server ip you want to on access-list else drop. On Apr 1, 3:19 pm, boris.ko...@gmail.com wrote: > Hello i need some help about configuration CISCO 1812. > We have established VPN between main office A and branch office B. > And now all the traffic is secured. But I need on side A to establish > that clients from B can get only to one server and not all LAN. > > Is this possible with Cisco 1812. > > Thanks > > B Thanks for replay. I tought to that I need to do in ACL list but it doesn't work. description Tunnel to xy set peer 217.16.87.246 set security-association lifetime seconds 86400 set transform-set ESP-3DES-SHA1 ESP-3DES-SHA match address 108 access-list 108 remark IPSec Rule access-list 108 permit ip 10.0.0.0 0.0.0.255 10.98.0.0 0.0.255.255 Can you write how to drop it. I need only permisson to server with IP 10.0.0.4 B On Apr 2, 8:18 am, "CK" <chetan.ka...@gmail.com> wrote: > I suppose you must be using some access-list on VPN configuration and > you need to only allow te ip/server ip you want t...

Cisco 1700 Site-Site VPN
Hello, I'm trying to set up a Site to Site VPN with two Cisco 1700 Routers. But I didn't get it to fly. When the tunnel ist setup the routing doesn't work or other things. Here is what I want to do: 192.168.4.0/24 -- RouterA --- INTERNET --- RouterB -- 192.168.6.0/24 Router A and Router B have a static IP. Lets Say IPA and IPB. Here is my config of RouterB. RouterA locks mostly the same except it does Dialup so the interface on the outside is Dialer0. I didn't find the failer. Can someone plz help me out? Router config from Router B ============================ ! version 1...

site to site vpn #2 481678
Hello all, We are currently terminating vpn connections from client sites in our dmz area and then letting their traffic pass through our firewall. The circuits and routers that the vpns terminate on are owned by the clients and are located at our facility. We are currently using the 10.0.0.0 address space and so are some of our clients. I can forsee a time when we might have a problem with this if a client has a host at 10.0.0.1 and if we have a host at 10.0.0.1 and we try to connect to the client's host our router will think the host is on the local subnet and not route the packet to the...

Site to Site VPN routing
I am trying to connect a Cisco 1841 router to a Nortel VPN Router 1010 via a IPSEC VPN tunnel. I actually have the tunnel up and running. My problem is that I cannot figure out how to tell the Cisco Router to route traffic from its private network to the private network on the Nortel Router. The Nortel Router seems to just route traffic to the Cisco Router's public interface and it works. If I put a static route in the Cisco Router to route to the Nortel Router's public interface, I get nothing. Any help would be appreciated. On Sep 21, 1:46 pm, peachma...@yahoo.com wrote: > I...

How to Configure Site-to-Site VPN in Cisco Routers
Hi all, I have done a simplified step-by-step procedure to do site-to-site VPN. Please take a look at it and give me your notes. Is it clear and simple? did I miss something? How to Configure Site-to-Site VPN in Cisco Routers http://www.routergeek.net/content/view/50/37/ All feedback is welcomed. Regards, Mohammed Mohammed Alani wrote: > I have done a simplified step-by-step procedure to do site-to-site > VPN. Please take a look at it and give me your notes. Is it clear and > simple? did I miss something? Yes. You do not give the router models and IOS versions. Change the router or the IOS version and things look different. Gerald On May 2, 12:13 pm, Gerald Vogt <v...@spamcop.net> wrote: > Mohammed Alani wrote: > > I have done a simplified step-by-step procedure to do site-to-site > > VPN. Please take a look at it and give me your notes. Is it clear and > > simple? did I miss something? > > Yes. You do not give the router models and IOS versions. Change the > router or the IOS version and things look different. > > Gerald Thank you for taking the time to look at the article Gerald. Your note is true. The procedure works on SOHO routers and few of the other routers. I will add it. Mohammed ...

How to Configure Site-to-Site VPN in Cisco Routers
Hi all, I have done a simplified step-by-step procedure to do site-to-site VPN. Please take a look at it and give me your notes. Is it clear and simple? did I miss something? How to Configure Site-to-Site VPN in Cisco Routers http://www.routergeek.net/content/view/50/37/ All feedback is welcomed. Regards, Mohammed ...

Site 2 Site VPN support WINS?
Currently, I have Cisco 506e PIX and a Linksys VPN end-point router connected. I have NetBIOS Broadcast enabled on the Linksys, but not able to use "\\workstation1" to access remote computer. But if I use the actually IP address of that workstation, it is ok ("\\192.168.1.100"). Does WINS work on a site-to-site VPN setup? In article <n2lve1hibkn767vnd28mvjvadal09veaik@4ax.com>, Latest News <for_latest_news att hotmail dott com> wrote: :Currently, I have Cisco 506e PIX and a Linksys VPN end-point router :connected. I have NetBIOS Broadcast enabled on the Links...

site to site vpn with internal NAT #2
Hello. I have a PIX 501. inside network = 192.168.1.0 255.255.255.0. I need to create a site to site IPSEC VPN through the external interface. on the remote side, there's already a LAN with 192.168.1.0, so they asked me to configure an internal NAT in my system so that when my 192.168.1.101 tries to contact a peer on the remote side, he will be identified as 192.168.48.49. Is this possible? if so - how? Thanks. In article <1131656242.987765.16140@g43g2000cwa.googlegroups.com>, Meni <meni.milstein@gmail.com> wrote: :I have a PIX 501. :inside network = 192.168.1.0 255.255.25...

Cisco 877 NAT and site-site VPN
Hello, Can you NAT a site-to-site VPN? I have a Cisco 877 which I have been using for internet access. My internal network 10.10.10.0/24 is hidden behind the router's static external IP address using NAT. Now I am trying to set up a VPN to another company, Their firewall is 199.99.99.99. Within their network I need to access computers in subnet 177.77.77.0/24 I set up the VPN using Cisco Security Device Manager (SDM) - This changed my NAT rule to use route-map so that the NAT and VPN would not conflict, This means that my internal addresses are not hidden from the other end of t...

How to Configure Site-to-Site VPN in Cisco Routers
Hi all, I have done a simplified step-by-step procedure to do site-to-site VPN. Please take a look at it and give me your notes. Is it clear and simple? did I miss something? How to Configure Site-to-Site VPN in Cisco Routers http://www.routergeek.net/content/view/50/37/ All feedback is welcomed. Regards, Mohammed ...

VPN
Here is my debug and config... it appears as if the tunnel is being set up but I cannot access the remote LAN. Any suggestions? TIA. : Saved : PIX Version 6.3(5) fixup protocol tftp 69 names access-list 102 permit tcp any any eq www access-list 102 permit icmp any any access-list 102 permit icmp any any echo-reply access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.252.0 access-list 101 permit icmp any any access-list NoNAT permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.252.0 ip address outside 1.1.1.1 255.255.255.248 ip address inside 10.1.1.1 255.255.255.0 global (outside) 1 1.1.4 nat (inside) 0 access-list NoNAT nat (inside) 1 0.0.0.0 0.0.0.0 0 0 access-group 102 in interface outside route outside 0.0.0.0 0.0.0.0 1.1.1.123 1 sysopt connection permit-ipsec crypto ipsec transform-set abcd1 esp-des esp-md5-hmac crypto map map1 1 ipsec-isakmp crypto map map1 1 match address 101 crypto map map1 1 set peer 4.4.4.4 crypto map map1 1 set transform-set abcd1 crypto map map1 interface outside isakmp enable outside isakmp key ******** address 4.4.4.4 netmask 255.255.255.255 isakmp identity address isakmp policy 1 authentication pre-share isakmp policy 1 encryption 3des isakmp policy 1 hash md5 isakmp policy 1 group 1 isakmp policy 1 lifetime 1000 : end pixfirewall(config)# ********************************** ISAKMP (0): beginning Main Mode exchange crypto_isakmp_process_block:src:4.4.4.4, dest:1.1.1.1 spt:500 dpt:500 OAK_MM exchange ISAKMP (0): processing SA pa...

Cisco ASA 5500 to Router site to site VPN
I'm trying to setup a site to site VPN between a Cisco 3725 and a ASA5505, I am able to create a VPN between the ASA5505 and a PIX515 and the 3725 router and a 2600 router so I'm not sure what I'm missing when it comes to the router/ASA combo. My two configurations are below... ASA5500 : Saved : ASA Version 7.2(4) ! hostname bambam domain-name default.domain.invalid enable password blah encrypted passwd blah encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 172.31.12.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 pppoe client ...

PIX 515 vpn site-2-site -> Linux
Hi NG, i need some help on a vpn site-2-site connection bedween my pix and a linux box. I'pretty new to networking and cisco pix since i had to take over someones job since yesterday! i've been looking at the pix manual, it tells me to insert following with a pix-2-pix vpn tunnel: crypto ipsec transform-set strong ESP-DES-MD5 esp-des esp-md5-hmac access-list ACL_NAME permit ip IPADRESS 255.255.255.0 IPADRESS 255.255.255.0 nat 0 access-list ACL_NAME nat (inside) 1 0 0 global (outside) 1 IP_Start-IP_END global (outside) 1 PAT_IPs_Adr crypto map outside_map 40 ipsec-isakmp crypto map...

PIX VPN Problem (EZvpn and Site-2-Site in parallel)
Hello, I shall establish a EZvpn and a site-2-site VPN config on a single PIX. Sounds straight forward and not to difficult. Yes, but ? Both part on their own work just fine. When I run the EZvpn part and then add the site-2-site part I never get a proper ISAKMP releationship as you can see from the two show outputs at the very end. Below you see the configuration I use. There must be something wrong with the order of operation for the authentication of the site-2-site connection. Any help is greatly appreciated. Roland Configuration extract: ---------------------- crypto ipsec transf...

setting up site-2-site with PIX 506e VPN Wizard
Hi All: looking for an introduction on setting up a site-to-site vpn between two PIX 506e using the wizard. Pix 1 has inside IF 192.168.0/24 Pix 2 has inside IF 192.168.1/24 I want to enable 192.168.0.10 to connect to 192.168.1.15 I tried to step through the wizard, but am stuck at what to configure for the remote IPSec Traffic Selector. If I select the inside IF of PIX 2 and enter 192.168.1.15 as the termination point, I'm prompted to provide a static route. Am I setting it up correctly up to that point? If so, what IP/IF would I want to specify for the route? TIA cisco wrote:...

PIX 515 nat 0 and vpn site-2-site
Hi NG, i got 2 sites witch i would like to connect via vpn site-2-site. Now with one of the sites i got an nat 0 accesslist statement. And for the second i dlike to nat 0 again. But since it overrites that statement i just can set one single nat 0 statement ...i do not want to nat to these other sites! nat (inside) 0 access-list ACL_SITE_1 ((nat (inside) 0 access-list ACL_SITE_2)) access-list ACL_SITE_1 permit ip 176.x.x.0 255.255.0.0 host X.Y.Z.Z ((access-list ACL_SITE_2 permit ip 10.x.x.0 255.255.0.0 X.Y.Z.Z 0.0.255.255)) how should i solve this? thank ya Colin -- pix 515E: nat [(...

2 simultaneous site to site VPN tunnels with 3 PIX
I have been having a tough time setting up 3 PIX devices so that all 3 have 2 tunnels to the other 2. I can only get one to keep both tunnels open, making a chain instead of a fully connected triangle. When I managed to bring up the 2nd tunnel on another, it broke the 1st tunnel, leaving me in the same situation. The config for all 3 is nearly identical, so variations in behavior are especially perplexing. 2 are using 6.3(5) and 1 on 6.3(3). Any suggestions would be appreciated. access-list 100 permit ip 192.168.1.0 255.255.255.0 192.168.11.0 255.255.255.0 access-list 100 permit ip 192.16...

Cisco PIX 501-515 Site-to-Site VPN Issue
I'm deferring to the experts in this group to help me solve a nightmare of a PIX configuration issue. I have a PIX 501 located in Connecticut and a PIX 515 located in New York and am trying to put together a site-to-site VPN. The remote access on the 515 works like a charm, but I've been unable to make any headway with the site-to-site. The only way that I've been able to initiate the connection, in fact, is to launch the packet tracer on the 515 to 'send' a packet from an IP on the 515's network to an IP on the 501's. Everything comes back okay, but if I try to ping or connect to any machine on either of the networks from the other one, it doesn't go through, and no useful debugging information seems to be returned. If anyone has any insight into what might be going on, your advice would be tremendously appreciated. I've copied the configurations below and have removed only the clearly-irrelevant parts. PIX 501: Internal IP Range: 10.0.2.0/255.255.255.0 External IP: x.x.123.29 PIX 515: Internal IP Range: 10.0.0.0/255.255.255.0 Remote Access: 10.0.1.0/255.255.255.0 External IP: x.x.23.17 CISCO PIX 501 IN CONNECTICUT PIX Version 6.3(5) access-list outside_access_in permit icmp any any access-list outside_access_in permit tcp any any object-group TCP access-list inside_outbound_nat0_acl permit ip 10.0.2.0 255.255.255.0 10.0.0.0 255.255.255.0 access-list outside_cryptomap_20 permit ip 10.0.2.0 255.255....

Site-to-Site VPN & VPN Server
We currently have a site-to-site VPN. We would like to also setup our own VPN so our agents can work from home. When I use the SDM to setup the VPN server, it takes down the site-to-site. Questions are: 1) Is this possible, if so, then thats great :-) 2) If it is possible, is SDM the best in setting up this? Can I have the same IP Sec Policy for both vpns? I haven't had any luck using SDM. Best to go on to CCO and look for some sample configs to help you with this. If you cannot find any, then post your config, and take out the IP"s and passwords so we are not tempted t...

RE: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site)
From: Hoff Hoffman [mailto:hoff-remove-this@hp.com]=20 Sent: Wednesday, August 16, 2006 2:06 PM To: Info-VAX@Mvb.Saic.Com Subject: Re: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site) JF Mezei wrote: > Barry.Treahy@EmersonNetworkPower.com wrote: >> You might find the costs to migrate everything from the 4000/100 models >> to replacement CHARON 4000/108 emulated systems cost effect especially >=20 > If he starts to evaluate migration costs, he might find it cheaper to > migrate to Linux or Windows. Yes, ...

(2) Watchguard SOHO 6tc's for site-to-site VPN- Possible?
I have two small offices with 2 users in each and I am using Verizon DSL with Westel DSL modems at each. Could I create a site-to-site VPN using (2) SOHO 6tc's? I plan to use the VPN for printing to a remote printer. Thank You NH Ned Hart wrote: > I have two small offices with 2 users in each and I am using Verizon > DSL with Westel DSL modems at each. Could I create a site-to-site VPN > using (2) SOHO 6tc's? I plan to use the VPN for printing to a remote > printer. > > Thank You > NH Yes. E. In article <4a251bdf.0410281608.d4a3a7a@posting.google.com>, nedhart@hotmail.com says... > I have two small offices with 2 users in each and I am using Verizon > DSL with Westel DSL modems at each. Could I create a site-to-site VPN > using (2) SOHO 6tc's? I plan to use the VPN for printing to a remote > printer. Yes, but you need to make sure that both sides are in different subnets. The SOHO6tc is a IPSec capable firewall - there are many papers on the WatchGuard site that explains how to do this. -- -- spamfree999@rrohio.com (Remove 999 to reply to me) ...

Web resources about - site-to-site vpn #2 - comp.dcom.sys.cisco

How To Stop Creepy Ads From Following You From Site To Site
Firefox is considering adding a "do not track" feature, but Internet Explorer 8 already has one.

[技术分享]小谈 TMG 建立 IPsec Site-to-Site VPN - 微软大中华区安全博客 - 比特博客
TMG作为微软的网关产品可以和其他产品建立Site-to-Site VPN,这样可以让两端防火墙后面的指定资源实现互访。而IPsec VPN是当前比较流行的VPN,又可以和其他设备兼容。在配置过程中,不少客户遇 ..

Resources last updated: 3/28/2016 6:11:39 PM