Is it possible to create a VPN between two ethernet ints on same rtr ?

gregcox1979
Level 1

Hia,

I'm a new user so please excuse my lack of knowledge :) For the purpose of a university project can someone please inform me if it is possible to route two networks on two separate ethernet interfaces on the same router? I also want to create a VPN between these if possible? I would be very grateful for any help or pointers you can give.

Thanks in advance !

Greg

P.S. I am using a 2500 series router

Richard Burts
Hall of Fame

Greg

Let me make sure that I am understanding your question correctly. You want to define one network on one Ethernet interface (perhaps Ethernet 0) and define another network on another interface of the same router (perhaps Ethernet 1) and you want to know if you can route between them. If that is the correct understanding then the answer is yes you can route between these networks (assuming that you have not disabled ip routing on the router).

I am puzzled about your desire to create a VPN between two connected interfaces. It looks like there are versions of software for the 2500 that do support IPSec, so you should be able to configure IPSec VPNs if you have the correct release and feature set. But I do not believe that Cisco supports IPSec VPN where the router is both the source and the destination of the IPSec traffic. So I doubt that you could configure VPN for this traffic.

Perhaps if you told us more about what you are trying to accomplish we could give better advice.

HTH

Rick

Rick,

With regards to your first paragraph, you are correct with your understanding of what I was asking. I have tried to add a route (ip route command) linking the two networks but get the error message:

%Invalid next hop address (it's this router)

This was using two networks:

10.0.100.1 255.0.0.0

10.0.200.1 255.0.0.0

ip route 10.0.100.1 255.0.0.0 10.0.200.1

I need to demonstrate a secure network using a VPN but I only have one router. So Computer A connected to Network 1 (E0) can send/receive data with Computer B on Network 2 (E1) securely using an IPSec VPN.

If I was to just run the Windows 2000 VPN Server software on computer A and set up a VPN connection on Computer B running Windows XP then would the network traffic be secure without implementing the VPN directly on the router? I understand if this question is not for this forum.

Thanks in advance. I really appreciate your help.

Greg

Greg

There are a couple things in your response that I would comment on. As far as routing between the interfaces is concerned you should not need any route statements. The router should see the two subnets (or two networks) as connected networks and automatically route between them. You only need route statements for destinations that are remote from the router.

Also you describe the networks as:

10.0.100.1 255.0.0.0

10.0.200.1 255.0.0.0

but the netmask for these should be 255.255.255.0 and if you attempt to configure them on the router with 255.0.0.0 mask you should get an error message about overlapping addresses.

As far as demonstrating a secure network is concerned, if your demonstration is a single router then the network is as secure as the router itself is secure. If the network you are trying to model is larger than a single router then your demonstration must have at least two routers. I believe that you cannot run an IPSec VPN on Cisco routers where the same device is both the source and the destination.

HTH

Rick
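
Added example, not part of the thread and not Cisco IOS code: a small Python model of the two checks discussed above (overlapping interface subnets, and a static route whose next hop is the router itself), followed by a connected-route lookup. The function names, the returned strings and the host addresses 10.0.100.50 and 10.0.200.50 are assumptions made for this illustration.

```python
import ipaddress

def connected_networks(interfaces):
    """Return (accepted, errors): interfaces whose subnets do not overlap,
    plus a message for each address refused because its subnet overlaps."""
    accepted, errors = {}, []
    for name, (addr, mask) in interfaces.items():
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        clash = next((n for n, other in accepted.items()
                      if iface.network.overlaps(other.network)), None)
        if clash is None:
            accepted[name] = iface
        else:
            errors.append(f"{name}: {iface.network} overlaps with {clash}")
    return accepted, errors

def check_static_route(accepted, dest, mask, next_hop):
    """Classify a static route against the router's own interfaces."""
    hop = ipaddress.ip_address(next_hop)
    target = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    if any(hop == iface.ip for iface in accepted.values()):
        return "invalid: next hop is this router"
    if any(target == iface.network for iface in accepted.values()):
        return "unnecessary: destination is directly connected"
    return "ok"

def egress_interface(accepted, destination):
    """Longest-prefix match over connected routes only (no static routes)."""
    dst = ipaddress.ip_address(destination)
    matches = [(iface.network.prefixlen, name)
               for name, iface in accepted.items() if dst in iface.network]
    return max(matches)[1] if matches else None

# Addressing as posted in the thread (both interfaces with a 255.0.0.0 mask).
AS_POSTED = {"Ethernet0": ("10.0.100.1", "255.0.0.0"),
             "Ethernet1": ("10.0.200.1", "255.0.0.0")}
# Addressing with the 255.255.255.0 mask suggested in the reply.
CORRECTED = {"Ethernet0": ("10.0.100.1", "255.255.255.0"),
             "Ethernet1": ("10.0.200.1", "255.255.255.0")}

if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        accepted, errors = connected_networks(cfg)
        print(label, sorted(accepted), errors)
    accepted, _ = connected_networks(CORRECTED)
    print(check_static_route(accepted, "10.0.100.1", "255.0.0.0", "10.0.200.1"))
    # 10.0.100.50 and 10.0.200.50 are constructed host addresses for PCs A and B.
    print(egress_interface(accepted, "10.0.100.50"), egress_interface(accepted, "10.0.200.50"))
```

With the corrected masks both subnets are connected routes, so traffic between the two PCs is forwarded without any `ip route` statement.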