f



How to Configure Site-to-Site VPN in Cisco Routers

Hi all,
I have done a simplified step-by-step procedure to do site-to-site
VPN. Please take a look at it and give me your notes. Is it clear and
simple? did I miss something?

How to Configure Site-to-Site VPN in Cisco Routers
http://www.routergeek.net/content/view/50/37/

All feedback is welcomed.

Regards,

Mohammed

0
5/2/2007 9:31:09 AM
comp.security.firewalls 10672 articles. 0 followers. dfinc1988 (97) is leader. Post Follow

2 Replies
594 Views

Similar Articles

[PageSpeed] 41

Mohammed Alani wrote:
> I have done a simplified step-by-step procedure to do site-to-site
> VPN. Please take a look at it and give me your notes. Is it clear and
> simple? did I miss something?

Yes. You do not give the router models and IOS versions. Change the 
router or the IOS version and things look different.

Gerald
0
vogt (369)
5/2/2007 10:13:19 AM
On May 2, 12:13 pm, Gerald Vogt <v...@spamcop.net> wrote:
> Mohammed Alani wrote:
> > I have done a simplified step-by-step procedure to do site-to-site
> > VPN. Please take a look at it and give me your notes. Is it clear and
> > simple? did I miss something?
>
> Yes. You do not give the router models and IOS versions. Change the
> router or the IOS version and things look different.
>
> Gerald

Thank you for taking the time to look at the article Gerald.
Your note is true. The procedure works on SOHO routers and few of the
other routers.
I will add it.


Mohammed

0
5/2/2007 2:37:05 PM
Reply:

Similar Artilces:

Site to Site VPN routing
I am trying to connect a Cisco 1841 router to a Nortel VPN Router 1010 via a IPSEC VPN tunnel. I actually have the tunnel up and running. My problem is that I cannot figure out how to tell the Cisco Router to route traffic from its private network to the private network on the Nortel Router. The Nortel Router seems to just route traffic to the Cisco Router's public interface and it works. If I put a static route in the Cisco Router to route to the Nortel Router's public interface, I get nothing. Any help would be appreciated. On Sep 21, 1:46 pm, peachma...@yahoo.com wrote: > I...

Site to site with one site's VPN router behind another router
I need to set up a site to site vpn and I am planning to use a Netgear FVS114 or similar at each end. However I have just found out that at one site I will need to put the FVS114 behind an existing firewall router which I don't have access to. The most I can expect is to get some ports forwarded to the FVS114. I haven't bought the units yet, but I have read the docs for the FVS114 and I can't see any reference to specifying a port in the address for the "other" end of a link. Can this be done? If it can't what options do I have? The firewall ...

Cisco ASA 5500 to Router site to site VPN
I'm trying to setup a site to site VPN between a Cisco 3725 and a ASA5505, I am able to create a VPN between the ASA5505 and a PIX515 and the 3725 router and a 2600 router so I'm not sure what I'm missing when it comes to the router/ASA combo. My two configurations are below... ASA5500 : Saved : ASA Version 7.2(4) ! hostname bambam domain-name default.domain.invalid enable password blah encrypted passwd blah encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 172.31.12.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 pppoe client ...

site-to-site VPN router to PIX VPN
I have a site-to-site router to PIX VPN; all traffic sent from the remote site comes to the home office site with the PIX. Can you exempt certain traffic from coming back to the home office, and instead go direct to the internet? Any cisco.com links? thanks FrishacK In article <bdbf7b0c9462dc6263a87a0b20101bcd@news.teranews.com>, tical <none@none.net> wrote: :I have a site-to-site router to PIX VPN; all traffic sent from the :remote site comes to the home office site with the PIX. Can you exempt :certain traffic from coming back to the home office, and instead go :direct to...

Site to Site VPN Issues w/ Cisco Router/NAT
Good afternoon, My company is having some issues deploying a site to site VPN. It's been a rather tricky configuration, as we're connecting to a stock exchange, and they expect the IP's to be in a 10.74.74.0/24 address range, and our systems are actually 192.168.254.0/24 range. So, we need to NAT our addresses to the 10.74.74.0/24 range on the router and then send them across the network. This seems simple, at least in concept. I'm a CCNA, had a good deal of experience working with client to site VPN's and a lot of router/switch configuration - is this something that I...

Vpn site to site + vpn cisco client access list problem.
Hi I have problem to get vpn site to site tunnel and the vpn client tunnel to work at the same time. How can I join access list 80 and 100 so i can add them to nat "(inside) 0 access-list 80" I got a pix 501 and 2620 and on the pix 501 It's accessible thugh Cisco VPN client. The config on the pix 501: : Written by admin at 15:32:22.817 CEDT Mon Aug 7 2006 PIX Version 6.3(5) interface ethernet0 100full interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password g4JAhKwvQDnczMDZ encrypted passwd g4JAhKwvQDnczMDZ encrypted ...

Cisco 1700 Site-Site VPN
Hello, I'm trying to set up a Site to Site VPN with two Cisco 1700 Routers. But I didn't get it to fly. When the tunnel ist setup the routing doesn't work or other things. Here is what I want to do: 192.168.4.0/24 -- RouterA --- INTERNET --- RouterB -- 192.168.6.0/24 Router A and Router B have a static IP. Lets Say IPA and IPB. Here is my config of RouterB. RouterA locks mostly the same except it does Dialup so the interface on the outside is Dialer0. I didn't find the failer. Can someone plz help me out? Router config from Router B ============================ ! version 1...

Low speed in Site-to-Site VPN configuration
Hi, I configured the Site-to-Site VPN with two PIX515E, and a link with 10Mbits Broadband between two PIX, and the link is also for Internet Access. But I find that the traffic in the VPN is so slow, anybody provides way to check and improve the VPN ? Thank you Benson In article <f910ed55.0410260048.5959789a@posting.google.com>, Benson <bensonlei@yahoo.com.hk> wrote: :I configured the Site-to-Site VPN with two PIX515E, and a link with :10Mbits Broadband between two PIX, and the link is also for Internet :Access. But I find that the traffic in the VPN is so slow, anybody :provide...

Cisco 877 NAT and site-site VPN
Hello, Can you NAT a site-to-site VPN? I have a Cisco 877 which I have been using for internet access. My internal network 10.10.10.0/24 is hidden behind the router's static external IP address using NAT. Now I am trying to set up a VPN to another company, Their firewall is 199.99.99.99. Within their network I need to access computers in subnet 177.77.77.0/24 I set up the VPN using Cisco Security Device Manager (SDM) - This changed my NAT rule to use route-map so that the NAT and VPN would not conflict, This means that my internal addresses are not hidden from the other end of t...

site to site VPN CISCO PIX #2
I use a VPN site to site, PIX 515 to PIX 501. The access is 2 ways. Could I configure a priority through tunnel? I want to permit the access only PIX 515 to PIX 501 and deny for PIX 501 to 515. I used crypto map outside_map client configuration address initiate --for PIX 515 crypto map outside_map client configuration address respond --for PIX 501 But I have access in two ways !!! Could I use a command crypto ? Thank you ! silviumed In article <1146524343.471393.228570@v46g2000cwv.googlegroups.com>, <silviumed@gmail.com> wrote: >I use a VPN site to site, PIX 515 to PIX 50...

Site to Site VPN . Cant Connect To Inside Router Interfaces
Hello.. I have a lan to lan tunnel between 2 sites. Lets say the internal networks are 10.10.70.0/24 and 10.10.80.0/24. All hosts on each side can talk, ping, connect and everything with one another. However I cant get the router inside interfaces where each lan lives. So from a host on 10.10.70.0/24 I can't get to 10.10.80.1 .. and vice versa (10.10.80.0/24 --> 10.10.70.1).. These are both ASA devices. I'm thinking this has to do directly with the ASA interface security, but i cant figure it out. All NAT rules, and IP traffic is allowed between these LANs. There shouldnt be any ...

VPN Site To Site between a Cisco 831 and a bintec X1200 #3
Has anyone runs a Site To Site VPN tunnel between a cisco router and a bintec router ? mrucker@gmx.de wrote: > Has anyone runs a Site To Site VPN tunnel between a cisco router and a > bintec router ? > Have you any link about the router stranger in this NG? Alex. ...

Site to Site VPN problem between ASA5500 & 1800 router
Hi, I configured Cisco ASA 5500 security appliance and cisco 1800 router, I want to enable site to site vpn tunnel between this two devices. But I keep getting error: All IPSec SA proposals found unacceptable!. Can someone take a look on the configuration and advise me how to resolve the problem, get site to site vpn work. Thank you, Young ASA 5500, 1800 router configuration and debug log as following: ASA5500 outside ip address: x.x.x.1 1800 router outside ip address: x.x.x.2 ------------------------------------------------------------------------------------------------------- ASA ...

Site-to-Site VPN & VPN Server
We currently have a site-to-site VPN. We would like to also setup our own VPN so our agents can work from home. When I use the SDM to setup the VPN server, it takes down the site-to-site. Questions are: 1) Is this possible, if so, then thats great :-) 2) If it is possible, is SDM the best in setting up this? Can I have the same IP Sec Policy for both vpns? I haven't had any luck using SDM. Best to go on to CCO and look for some sample configs to help you with this. If you cannot find any, then post your config, and take out the IP"s and passwords so we are not tempted t...

RE: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site)
From: Hoff Hoffman [mailto:hoff-remove-this@hp.com]=20 Sent: Wednesday, August 16, 2006 2:06 PM To: Info-VAX@Mvb.Saic.Com Subject: Re: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site) JF Mezei wrote: > Barry.Treahy@EmersonNetworkPower.com wrote: >> You might find the costs to migrate everything from the 4000/100 models >> to replacement CHARON 4000/108 emulated systems cost effect especially >=20 > If he starts to evaluate migration costs, he might find it cheaper to > migrate to Linux or Windows. Yes, ...

REQ: Low-end site-to-site VPN router that does split tunneling
I have a diagram at a link that'll last for 7 days showing what I'm trying to do. http://s40.yousendit.com/d.aspx?id=39VRY3IK1QFFV1AWDR7I47XIYC I want a low-end Split-tunneling site-to-site VPN router. At least I think I do. My goal is to avoid needing any VPN software on the PC's of either site. However, if folks use PC's or laptops from remote locations, they will need some type of VPN client -- hopefully something built into XP. I currently have one network card in each computer. I can install another if it'll help. There's one internet (cable, static IP) ...

Remote VPN users access to site to site networks (mostly configured)
I’m not sure which piece I am missing but I think I am almost there. set up is: ---------------- ----------------- ----------------- |PIX | |ASA | |VPN | |506E |---works-----|5520 |--works---|connections | |inside IP | |inside IP | |IP range | |192.168.4.0/24| |192.168.26.0/24| |192.168.27.0/24| ---------------- ----------------- ----------------- | | ...

RE: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site) #2
-----Original Message----- From: Dave Froble [mailto:davef@tsoft-inc.com]=20 Sent: Thursday, August 17, 2006 12:23 AM To: Info-VAX@Mvb.Saic.Com Subject: Re: Seeking Data Archiving (BACKUP) Suggestions (was: Re: VAX/VMS site) site)site) site) site)site)site) site)site) Stanley F. Quayle wrote: > On 16 Aug 2006 at 14:42, Barry.Treahy@EmersonNetworkPower.com wrote: >> You might find the costs to migrate everything from the 4000/100 models >> to replacement CHARON 4000/108 emulated systems cost effect >=20 > Another CHARON-VAX possibility [Shameless Plug Alert (tm)] is to=20 ...

PIX
Hi, I've been looking intently at the Cisco website documentation (not all of it seems correct/complete) and have successfully set up a PIX515 to PIX506 site-to-site tunnel. In addition, I have VPN Clients set up to access the PIX515 and can access the network behind the PIX515. Here's my problem, I cannot access the remote end of the tunnel (The 506 side) from my VPN client when it is connected to the PIX515. Also, I cannot ping through to the 'other' end of the tunnel from either PIX. Only hosts behind the PIX, can ping through to the other side. There are obviously le...

Site to site VPN
Hi, I've got a problem with a site to site VPN. My company runs web services for its customers. As part of the set up for one of them I've had to set up a VPN between us and them (I'm using a safe@office 500P, they're using a PIX). The VPN works well, but when it is up, the customer can no longer access our web service. It's been suggested that they should be using internal IP addresses to access the service, but unfortunately this doesn't work either. As far as I can see, when the VPN is up, all access to our services is being sent down the tunnel rather...

VPN
Dear all, Does anyone here have any idea how to configure IPSec VPN from site to multiple site on Cisco Router? (Like Mesh: 1. SiteA connect to siteB and SiteC; 2. SiteB connect to SiteA and SiteC; 3. SiteC connect to Site A and SiteB ) I used to see site-to-site VPN, from SiteA to SiteB we will need to configure pre-shared key and tie it with remote peer's ip address, create transform-set, configure crypto-map (also map with peer's address). I wonder, with VPN multiple site will it be the same (on one site create two key and crypto-map set two peer's address?) Thanks, hhscam ...

Web resources about - How to Configure Site-to-Site VPN in Cisco Routers - comp.security.firewalls

How To Stop Creepy Ads From Following You From Site To Site
Firefox is considering adding a "do not track" feature, but Internet Explorer 8 already has one.

[技术分享]小谈 TMG 建立 IPsec Site-to-Site VPN - 微软大中华区安全博客 - 比特博客
TMG作为微软的网关产品可以和其他产品建立Site-to-Site VPN,这样可以让两端防火墙后面的指定资源实现互访。而IPsec VPN是当前比较流行的VPN,又可以和其他设备兼容。在配置过程中,不少客户遇 ..

Resources last updated: 3/12/2016 9:52:27 PM