VPD/Data Connection to Router

I don't understand what you are trying to accomplish to be honest. Can you indicate what the current traffic flow is, and which part of the topology you want to add ?

alemayehuayele · ‎09-24-2022

On the existing connection LAN 1 connects via the router to the internet. Now new VPN connection established and LAN 2 needed to access LAN 1 over the VPN connection. I have concept to implement it using sub-interface, but not have a clear idea about it. hope i clarified it a bit.

Georg Pauwen · ‎09-25-2022

Hello,

I still do not understand your desired topology.

ISP VPN Data Branch and ISP VPN Data HQ are what exactly ? What does 'ISP' mean in this context ?

Are these two head ends of the same, existing VPN, and do you need to set up yet another, new VPN between ISP VPN Data HQ, and the Cisco 1941 ?

I do not see how you can terminate a new VPN (which involves public IP addresses) on the LAN side of an existing network.

Maybe you can clarify a bit more what you want to accomplish. I understand there is a remote site that needs to connect to the Cisco 1941, and then out to the Internet.

Is DMVPN an option ?

rdeluhery · ‎09-24-2022

where is the firewall?

alemayehuayele · ‎09-25-2022

We have no firewall for a moment.

fracjackmac · ‎09-24-2022

Hello @alemayehuayele,

I assume that you can have the ISP add routes to ensure connectivity between the HQ and Branch locations.
The following routes will be needed for the setup that I'm proposing.
Note that I'm providing IP addresses for the ISP connections since real addresses weren't provided, so these will need to be adjusted to match up with the real implementation.

! ISP VPN Data HQ 

! Assuming an address of 10.130.20.1/30 on the Data HQ interface facing Cisco 2960:
ip route 192.168.1.0 255.255.255.0 10.130.20.2  ! assuming a subnet and address since none was provided

! Assuming an address of 10.133.20.1/30 on the Data HQ interface facing Data Branch
ip route 192.168.2.0 255.255.255.0 10.133.20.2  ! assuming a subnet and address since none was provided

! ISP VPN Data Branch

! Assuming an address of 10.133.20.2/30 on the Data Branch interface facing Data HQ:
ip route 192.168.1.0 255.255.255.0 10.133.20.1 ! assuming a subnet and address since none was provided

! Assuming an IP address of 192.168.2.1/24 on the Data Branch interface facing "LAN 2"
! Assuming the hosts on LAN 2 are using a default route: 0.0.0.0/0 192.168.2.1

Here are the configuration steps that should provide guidance for your router and switch implementation.
This is a classic "router on a stick" configuration:

! ** Cisco 1941 **
config term
interface gi 0/0
 no shutdown
 exit
!
interface gi 0/0.10
 description LAN 1 traffic
 encapsulation dot1q 10
 ip address 192.168.1.1 255.255.255.0
 exit
!
interface gi 0/0.20
 description LAN 2 traffic -- assuming a subnet and address since none was provided
 encapsulation dot1q 20
 ip address 10.130.20.2 255.255.255.252
 exit
!
 ip route 192.168.2.0 255.255.255.0 10.130.20.1
!
end

! ** Cisco 2960 **
config term
vlan 10
 name LAN_1_hosts
 exit
!
vlan 20
 name LAN_2_hosts_via_ISP_VPN
 exit
!
interface gi 0/1
 description to Cisco 1941
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 exit
!
interface range fa 0/1-24
 description LAN 1 Hosts
 switchport access vlan 10
 switchport mode access
 exit
!
interface gi 0/2
 description to ISP VPN Data HQ
 switchport access vlan 20
 switchport mode access
 exit
!
end

fjm / vrs

@ittybittypacket

alemayehuayele · ‎09-25-2022

Thanks for the detailed helpful information. Will try it and get back with
the result.