setup small bussiness

siddiq_afridi · ‎11-26-2007

I puchase two cisco router to connect my two offices located in different cities.I also puchase dsl connection.how can I connect my two offices.how to setup the Ips address.thanks

graemeporter · ‎11-26-2007

Hi there!

Assuming both your Cisco routers have a hardware VPN module, your simplest option is to create a VPN tunnel between the two sites. You would also need to have an IOS image loaded on your routers that supports crypto.

You can check by logging into the router and typing "show version" - if it gives this piece of information, then you know that your router has a VPN module:

"1 Virtual Private Network (VPN) Module"

If you don't have VPN modules in your routers, then I'm fairly certain that you can't do what you're looking to do securely. Assuming both your DSL lines give you a static IP address, you could begin routing between them, but your traffic would not be encrypted and is therefore not secure.

Some routers (i.e. Cisco 1700 series) support VPN, but don't come with the module fitted as standard; with some routers, it is possible to buy the module as an add-on.

I hope this is of some help to you. Good luck!

Kind regards,

Graeme

jpl861 · ‎11-26-2007

Hi,

If ever your IOS doesn't support crypto, you can always use GRE tunneling. If it does then you can run GRE/IPSEC for additional security. This way, you can run routing protocol between your 2 sites. Let's just hope that they give you a static IP address.

regards,

John

siddiq_afridi · ‎11-27-2007

plz send me all details to setup vpn module including router commands to setup vpn .thanks

graemeporter · ‎11-27-2007

This configuration template works well for us. When correctly entered, you should find that it sets up an IPSec tunnel between the two routers, and runs a GRE tunnel over it. This gives a nice secure connection.

You will need to route each site's inside subnet across the tunnel so that devices on each site can contact each other.

Hope this helps!

On your Site A router:

----------------------

!

interface Loopback0

ip address 255.255.255.255

!

ip access-list extended GRE-TO-SITE-B

permit ip host host

!

ip route 255.255.255.255

!

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp key address no-xauth

!

crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac

!

crypto map IPSEC-VPN 100 ipsec-isakmp

description VPN Link to Site B

set peer

set transform-set 3DES-SHA

match address GRE-TO-SITE-B

!

interface Tunnel100

description GRE Tunnel to Site B

bandwidth 2000

ip address 255.255.255.252

ip mtu 1420

ip route-cache flow

ip tcp adjust-mss 1380

load-interval 30

keepalive 20 6

tunnel source Loopback0

tunnel destination

!

On your Site B router: