Internet Sharing by IPsec Site-to-Site VPN

tanmoy665
Level 1

Hi,

My requirement is that clients from site A should access the Internet from site B (B will be providing Internet to site A), so

I have configured an IPsec VPN tunnel between two routers (from site A to site B) over an untrusted Internet connection using Cisco 3825 routers, and I can successfully access both of these routers.

I have configured a client machine in site A and configured the gateway of this client as 10.1.11.254, but don't have Internet there.

The architecture of both our site routers:

Site A  10.1.11.0-----Router A 172.18.12.1-----VPN tunnel----Router B 172.18.12.2-----Site B 10.4.11.0

Router B:

!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 172.18.12.1
!
crypto ipsec transform-set jaikalima esp-aes esp-sha-hmac
!
crypto map 2.ciscorouter.ao_to_1.ciscorouter.ao 10 ipsec-isakmp
 set peer 172.18.12.1
 set transform-set jaikalima
 match address 102
 reverse-route
!
interface Loopback0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/0
 ip address 172.18.12.2 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 crypto map 2.ciscorouter.ao_to_1.ciscorouter.ao
!
interface GigabitEthernet0/1
 ip address 10.4.11.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
!
router rip
 version 2
 network 10.0.0.0
 network 61.0.0.0
!
ip default-gateway 172.18.12.x
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 172.18.12.x
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 100 interface GigabitEthernet0/0 overload
!
access-list 100 deny   ip 10.4.11.0 0.0.0.255 10.1.11.0 0.0.0.255
access-list 100 permit ip 10.4.11.0 0.0.0.255 any
access-list 100 permit ip 10.1.11.0 0.0.0.255 any
access-list 101 permit ip 10.1.11.0 0.0.0.255 any
access-list 102 permit ip 10.4.11.0 0.0.0.255 10.1.11.0 0.0.0.255
!
route-map VPNPolicy permit 10
 match ip address 101
 set ip next-hop 192.168.10.1
!

Router A:

crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco address 172.18.12.2
!
crypto ipsec transform-set jaikalima esp-aes esp-sha-hmac
!
crypto map 1.ciscorouter.ao_to_2.ciscorouter.ao 10 ipsec-isakmp
 set peer 172.18.12.2
 set transform-set jaikalima
 match address 102
 reverse-route
!
interface GigabitEthernet0/0
 ip address 172.18.12.2 255.255.255.224
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 crypto map 1.ciscorouter.ao_to_2.ciscorouter.ao
!
interface GigabitEthernet0/1
 ip address 10.1.11.254 255.255.255.0
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
!
ip default-gateway 172.18.12.x
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 172.18.12.x
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
!
access-list 102 permit ip 10.1.11.0 0.0.0.255 10.4.11.0 0.0.0.255
access-list 102 permit ip any any
!
route-map nonet permit 10
 match ip address 150

Actually I need to solve this problem as soon as possible.

Waiting for your quick reply.
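An added example, not part of the original post or of any Cisco tooling: IPsec peers are expected to carry mirror-image crypto ACLs, and this Python check compares the access-list 102 entries copied from the two configurations above. The names `parse_spec`, `crypto_acl`, `unmirrored` and `report` are hypothetical, and wildcard masks are assumed to be contiguous.

```python
import ipaddress
import re

# access-list 102 lines copied from the two configurations in the post.
ROUTER_A = """
access-list 102 permit ip 10.1.11.0 0.0.0.255 10.4.11.0 0.0.0.255
access-list 102 permit ip any any
"""
ROUTER_B = """
access-list 102 permit ip 10.4.11.0 0.0.0.255 10.1.11.0 0.0.0.255
"""

def parse_spec(tokens):
    """Consume one IOS address spec and return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # Assumption: the wildcard mask is contiguous (e.g. 0.0.0.255 -> /24).
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    prefix = 32 - wildcard.bit_length()
    return ipaddress.ip_network(f"{tokens[0]}/{prefix}", strict=False), tokens[2:]

def crypto_acl(config, number):
    """Return (source, destination) pairs for each 'permit ip' entry of an ACL."""
    entries = []
    for line in config.splitlines():
        m = re.match(rf"\s*access-list {number}\s+permit\s+ip\s+(.+)", line)
        if m:
            src, rest = parse_spec(m.group(1).split())
            dst, _ = parse_spec(rest)
            entries.append((src, dst))
    return entries

def unmirrored(local, peer):
    """Entries in `local` with no swapped (destination, source) twin in `peer`."""
    peer_entries = set(peer)
    return [(s, d) for s, d in local if (d, s) not in peer_entries]

def report(name, local, peer):
    """Format one line per entry that the peer's crypto ACL does not mirror."""
    return [f"{name}: {s} -> {d} has no mirror on the peer"
            for s, d in unmirrored(local, peer)]

if __name__ == "__main__":
    a, b = crypto_acl(ROUTER_A, 102), crypto_acl(ROUTER_B, 102)
    for line in report("Router A", a, b) + report("Router B", b, a):
        print(line)
```

Run against the ACLs as posted, it flags Router A's `permit ip any any`, which Router B's access-list 102 does not mirror.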

2 Replies

vishal vyas
Level 1

You just need to add two routes and remove all the others.

On router 1 add: ip route 10.4.11.0 255.255.255.0 172.18.12.2 (for VPN)

                 ip route 0.0.0.0 0.0.0.0 interface connecting Internet

And on router 2 add: ip route 10.1.11.0 255.255.255.0 172.18.12.1 (for VPN)

                     ip route 0.0.0.0 0.0.0.0 interface connecting Internet

Hi Vishal,

Thanks for your reply.

But I am a little bit confused, as I mentioned router B's configuration first in my question.

Do you mean "router 1" as "router A" or "router B"?
