03-30-2010 04:53 AM - edited 03-04-2019 07:58 AM
Since I obtained my CCNA close to 3 yrs ago, I have finally been given my first real project.... I have to set up, from beginning to end, a VPN connection to the internet. Offhand, I assume I need the following:
Router
Firewall
The information given to me is: firewall utilizing IPSEC, a 10Mb circuit that I can expand as needed..
As we have Cisco gear in our environment, I would like to stay with Cisco, at least for the router...
Any recommended advice would be appreciated... hardware and software..
thanks
r davis
03-30-2010 05:10 AM
Hello Rdavis,
Point-to-point GRE over IPSec is recommended if it is a point-to-point connection:
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/1_p2pGRE_Phase2.html
You don't need a firewall for this; a router is enough, unless you configure the GRE tunnel on the router and then you can encrypt with IPSec over the firewall.
GRE tunnels are handy because they allow you to extend a routing protocol over them, for example, and they make IPsec configuration simpler: you just define the packets of the GRE tunnel as interesting traffic:
access-list 102 permit gre host 10.80.20.1 host 10.80.20.254
This can be an access-list used to define the crypto map.
If a new IP subnet is defined in one site, you don't need to change the IPSec configuration as you would need to without using GRE.
Hope to help
Giuseppe
04-06-2010 08:18 AM
Thank you ... I will read the link you provided....
rob davis
04-06-2010 10:19 AM
We are moving from ANX connectivity into our supplier, where we will have about 20 tunnels at a time.. Will GRE suffice?