tips for setting up a secure connection to the internet

davisr651
Level 1

Since I obtained my CCNA close to 3 yrs ago, I have finally been given my first real project.... I have to set up, from beginning to end, a VPN connection to the internet. Offhand, I assume I need the following:

Router

Firewall

The information given to me is: firewall utilizing IPsec, a 10Mb circuit that I can expand as needed.

As we have Cisco gear in our environment, I would like to stay with Cisco, at least for the router...

Any recommended advice would be appreciated... hardware and software.

Thanks

r davis

1 Accepted Solution

Giuseppe Larosa
Hall of Fame

Hello Rdavis,

Point-to-point GRE over IPSec is recommended if this is a point-to-point connection:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/1_p2pGRE_Phase2.html

You don't need a firewall for this; a router is enough, unless you configure the GRE tunnel on the router, and then you can encrypt with IPSec over the firewall.

GRE tunnels are handy because they allow you to extend a routing protocol over them, for example, and they make IPsec configuration simpler: you just define the packets of the GRE tunnel as interesting traffic.

access-list 102 permit gre host 10.80.20.1 host 10.80.20.254

This can be an access-list used to define the crypto map.

If a new IP subnet is defined at one site, you don't need to change the IPSec configuration, as you would need to without using GRE.

Hope to help

Giuseppe

View solution in original post
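The setup described in the answer above, written out as an added IOS configuration sketch; it is not part of the original post or the linked Cisco guide. Only the two endpoint addresses in access-list 102 come from the post; the interface names, tunnel and LAN subnets, WAN mask, OSPF, crypto parameters, map and transform-set names, and the key placeholder are assumptions for illustration.

```cisco
! Router A, outside address 10.80.20.1 (from the post's ACL).
! Router B (10.80.20.254) mirrors this with the addresses swapped.
! Everything except those two addresses is an assumed, illustrative value.
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY-PLACEHOLDER> address 10.80.20.254
!
! Transport mode: GRE endpoints and IPsec peers are the same two hosts,
! so a second outer IP header (tunnel mode) is not needed.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
! Interesting traffic: only the GRE packets between the tunnel endpoints.
access-list 102 permit gre host 10.80.20.1 host 10.80.20.254
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 10.80.20.254
 set transform-set GRE-TS
 match address 102
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 10.80.20.1
 tunnel destination 10.80.20.254
!
interface GigabitEthernet0/0
 description Outside interface (assumed name and mask)
 ip address 10.80.20.1 255.255.255.0
 crypto map GRE-MAP
!
! Routing protocol runs over Tunnel0; a new LAN subnet is one more
! "network" line here, and access-list 102 stays untouched.
router ospf 1
 network 172.16.0.0 0.0.0.3 area 0
 network 192.168.10.0 0.0.0.255 area 0
!
! For contrast, without GRE the crypto ACL must list each LAN pair and be
! edited on both peers whenever a subnet is added, for example:
!  access-list 103 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
```

Once traffic flows, `show crypto ipsec sa` should list a single SA pair for protocol 47 (GRE) between the two hosts with rising encaps/decaps counters; GRE packets leaving the outside interface unencrypted mean the crypto map or ACL does not match.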

3 Replies

Thank you ... I will read the link you provided....

rob davis

We are moving from ANX connectivity into our supplier, where we will have about 20 tunnels at a time. Will GRE suffice?
