
Can someone check this config and tell me if it's OK (or not!)

Reprovoid
Level 1

Hi. I've created two crypto maps on an 800 series router for a site-to-site VPN. The router's Fast Ethernet interfaces are L2 and they're all assigned to VLAN 1.

  I've successfully created a site-to-site hub-and-spoke VPN with routers using L3 interfaces. I've applied some of the configuration (e.g. for NAT) on the VLAN since I can't configure IP addresses on the interfaces, and was wondering if someone more knowledgeable can tell me if the configuration is correct.

  Thank you.

7 Replies

Jeff Van Houten
Level 5

Where are the configs?

Sent from Cisco Technical Support iPad App

I knew I forgot something

  I've attached the config for the one router; I haven't received the other two routers yet.

fb_webuser
Level 6

The 800 series, like the 877 and 876, have 4 FastEthernet ports that work like the HWIC-4ESW; they behave like a switch.

So instead of a routed interface you have an SVI (Switch Virtual Interface), like a switch.

If the config you used is from a routed interface, apply it to the interface of the VLAN that you created. In this case, from what I read, it is interface Vlan 1.

You can use more VLANs, depending on your IOS and model of the 800.

For example, the 877 only permits 2 VLANs, but after upgrading the IOS to Advanced Enterprise it permits 4.

You can check this by issuing the command:

Router#show vtp status

You will have the default VLANs (VLANs 1, 1002 to 1005) that you can't erase.

---

Posted by WebUser Pedro Seabra Ávila from Cisco Support Community App

To ask if this config is ok is a pretty broad question. And I believe that the broad answer is that in general it looks ok. There are a couple of items that I might question, such as the fact that Fasteth0 is configured as a trunk port but you have only a single VLAN defined. You appear to be connected to the Internet and there is no filtering of traffic in or out. I hope that is intentional and there is some firewall protecting your site that we do not have information about.

So let me address a few of the things that are in the config. The configuration of two site to site VPN tunnels looks ok, assuming that it is true that both peers are in the same subnet with your outside interface and your Internet connection. The address translation looks ok since it exempts traffic going through the VPN and translates everything else from inside going outside. The addressing is set up to support a mixture of static IP and DHCP and allowing 50 addresses to be used for DHCP.

HTH

Rick


Hi.

  I believe I've applied the config correctly using the VLAN as you've mentioned. Can you take a quick look at the config and tell me if it's OK?

  Thank you!

I realise it's a broad question. The other routers haven't arrived from the suppliers yet. I've just configured this one router. It's not operational yet. I made Fasteth0 a trunk port so I can connect a switch to it.

Well, thanks for checking it, I needed to know if I'm going in the right direction at least.

You can connect a switch to an access port or to a trunk port. Whether you should use an access port or a trunk port depends on whether the switch will have a single VLAN (use access port) or will have multiple VLANs (use a trunk port). If the switch will have multiple VLANs and use a trunk port then you need to configure additional VLANs on the router.

So one way or the other there is an inconsistency in the config. You should either leave the port as a trunk and configure additional VLANs or you should configure the interface as an access port.

HTH

Rick
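
The two points raised in the replies above (a trunk port with only one VLAN defined, and an Internet-facing interface with no traffic filtering) can be checked mechanically. This is an added example, not part of the thread and not the poster's attached config: the sample config, interface names, crypto map name and addresses are constructed, VLANs are counted by `interface Vlan` entries, and only an inbound `ip access-group` is treated as filtering.

```python
import re

# Constructed sample in IOS style; the config attached in the thread is not
# shown on the page, so names and addresses here are assumptions.
SAMPLE = """\
interface FastEthernet0
 switchport mode trunk
!
interface FastEthernet4
 ip address 192.0.2.2 255.255.255.0
 ip nat outside
 crypto map VPN
!
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def review(config):
    """Flag the two points raised in the thread; returns a list of findings."""
    ifs = parse_interfaces(config)
    svis = [n for n in ifs if n.lower().startswith("vlan")]
    findings = []
    for name, cmds in ifs.items():
        if "switchport mode trunk" in cmds and len(svis) < 2:
            findings.append(f"{name}: trunk port but only {len(svis)} VLAN interface(s) defined")
        outside = "ip nat outside" in cmds or any(c.startswith("crypto map ") for c in cmds)
        if outside and not any(re.match(r"ip access-group \S+ in$", c) for c in cmds):
            findings.append(f"{name}: Internet-facing, no inbound access-group")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

A router protected by a separate firewall, as the reply allows for, would still be flagged by the second check; the finding is a prompt to confirm where filtering happens.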
