So, I'm trying to set up a VPN tunnel between two sites. Site A has an RVS4000 as the router to the internet. Site B has an Adtran NetVanta 3200 to convert a frame relay to ethernet, so I can't replace the Adtran. How do I set this up so I can create a tunnel between the two Cisco routers?
I have static Internet IP addresses for the Cisco at Site A, the Adtran and Cisco at site B. I have configured the two Ciscos to set up their tunnel and I've been able to establish the tunnel between my house (where I put Cisco B in place of my home router as a test) and the Cisco at Site A. So, I know my tunnel settings are ok (with the exception of IP address changes).
I'm being told by some people with more network experience than I have that there are a few options.
1.) put the Adtran in bridge mode and use the Cisco as the firewall, DHCP, etc. No clue how to do that.
2.) put the Cisco in a DMZ set up on the Adtran. If I do that, it wouldn't really give me access through the VPN to the network, right?
3.) set up static routes between the Adtran and the Cisco? static using the internal IPs or the external ones?
Very confused. Here are some of the IPs for Site B. I'm not concerned about Site A since I know the internet works there and the VPN tunnel settings are easy enough to change once I actually get the internet working with the two router combo at site B.
Adtran - internal IP - 192.168.1.1 mask 255.255.255.0
- external IP - X.X.24.179 mask 255.255.255.248 (mask may be wrong - based on memory)
Cisco - internal IP - 192.168.3.1 mask 255.255.255.0
- external IP - X.X.24.176 mask 255.255.255.248 (again, mask may be wrong)
I don't care which one does the firewall, NAT, etc. To me it would seem easier to have the Adtran send all traffic to the Cisco, then let the Cisco do the rest (VPN, firewall, DHCP, DNS, etc.).
If you are sure about the network mask on the Adtran, here are the commands for bridging the Frame Relay Interface on the Adtran with the Ethernet Interface:
Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of this command to remove the interface from the bridge group.
Specifies the bridge group (by number) to which to assign this interface.
Range is 1 to 255.
By default, there are no configured bridge groups.
Release 1.1 Command was introduced.
A bridged network can provide excellent traffic management to reduce collisions and limit the amount of bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can be bridged (e.g., Ethernet to T1 bridge, Ethernet to Frame Relay subinterface).
The following example assigns the Ethernet interface to bridge-group 17:
(config)#interface ethernet 0/1
(config-eth 0/1)#bridge-group 17
That's straight from the 3200 config guide. I'm not sure of the number of Ethernet Interfaces you have on the box, but I would try this on an Interface that's not currently in use. You need to bridge the spare Ethernet Interface with the Frame Relay Sub-Interface as per the guide notes.
It should then be a simple matter of adding your RVS to the bridged port and configuring one of the free IP addresses in the public range on the Internet facing interface of the RVS. This IP is what you will use to do the peering with the Site A RVS. Probably better to use a test subnet to verify VPN connectivity first then condemn your old Ethernet Interface on the Adtran and then let the RVS be the gateway for Site B.
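An added example, not part of the original thread: a quick way to check the Site B addressing before bridging, i.e. whether each public address is an assignable host under the quoted mask and which addresses in the range are still free for the RVS. The thread redacts the leading octets as X.X, so 192.0.2 (a documentation range) is a constructed stand-in; only the last octet affects the result for these masks.

```python
import ipaddress

# Constructed stand-ins for the redacted "X.X.24.*" addresses in the thread.
SITE_B = {"adtran": "192.0.2.179", "cisco": "192.0.2.176"}
MASK = "255.255.255.248"  # mask as quoted (from memory) in the thread


def check_wan_plan(assigned, mask=MASK):
    """Classify each device address within the subnet of the first entry.

    Returns (report, free): report maps device -> status string,
    free lists the assignable addresses nobody has claimed yet.
    """
    first = next(iter(assigned.values()))
    net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
    report = {}
    for name, ip in assigned.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            report[name] = "outside subnet"
        elif addr == net.network_address:
            report[name] = "network address (not assignable)"
        elif addr == net.broadcast_address:
            report[name] = "broadcast address (not assignable)"
        else:
            report[name] = "usable host"
    taken = {ipaddress.ip_address(ip) for ip in assigned.values()}
    free = [str(h) for h in net.hosts() if h not in taken]
    return report, free


def prefixes_that_fit(assigned, candidates=range(30, 23, -1)):
    """Prefix lengths under which every listed address is a usable host."""
    fits = []
    for plen in candidates:
        report, _ = check_wan_plan(assigned, plen)
        if all(status == "usable host" for status in report.values()):
            fits.append(plen)
    return fits


if __name__ == "__main__":
    report, free = check_wan_plan(SITE_B)
    for name, status in report.items():
        print(f"{name}: {SITE_B[name]} -> {status}")
    print("free addresses:", ", ".join(free))
    print("prefix lengths where both are usable:", prefixes_that_fit(SITE_B))
```

Run it with the real addresses and the mask read from the Adtran's configuration rather than from memory.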
Makes sense I guess. Only problem is I only have one Ethernet port on the Adtran. If I change it to bridged mode, do I then lose my ability to administer it from the Ethernet side? Will all traffic automatically go to the Cisco?
I'm assuming this is done through telnet. Any previous commands I need? Any subsequent commands? I mean, anything I need to do to get the router into a mode where it's expecting these commands? Anything to do after I do these commands? I'm assuming, since this will bypass everything, if it doesn't work, all I have to do is type "bridge-group no"? I don't have the docs for this router.
It's pretty hefty. The routers usually have a console interface so you make your changes there once it's physically accessible. Pg. 1492 of the config guide in the link above provides the necessary steps to get to the interface configuration mode on the router.