So, I'm trying to set up a VPN tunnel between two sites. Site A has an RVS4000 as the router to the internet. Site B has an Adtran NetVanta 3200 to convert a frame relay to ethernet, so I can't replace the Adtran. How do I set this up so I can create a tunnel between the two Cisco routers?
I have static Internet IP addresses for the Cisco at Site A, the Adtran and Cisco at site B. I have configured the two Ciscos to set up their tunnel and I've been able to establish the tunnel between my house (where I put Cisco B in place of my home router as a test) and the Cisco at Site A. So, I know my tunnel settings are ok (with the exception of IP address changes).
I'm being told by some people with more network experience than I have that there are a few options.
1.) put the Adtran in bridge mode and use the Cisco as the firewall, DHCP, etc. No clue how to do that.
2.) put the Cisco in a DMZ set up on the Adtran. If I do that, it wouldn't really give me access through the VPN to the network, right?
3.) set up static routes between the Adtran and the Cisco? static using the internal IPs or the external ones?
Very confused. Here are some of the IPs for Site B. I'm not concerned about Site A since I know the internet works there and the VPN tunnel settings are easy enough to change once I actually get the internet working with the two router combo at site B.
Adtran - internal IP - 192.168.1.1 mask 255.255.255.0
- external IP - X.X.24.179 mask 255.255.255.248 (mask may be wrong - based on memory)
Cisco - internal IP - 192.168.3.1 mask 255.255.255.0
- external IP - X.X.24.176 mask 255.255.255.248 (again, mask may be wrong)
I don't care which one does the firewall, NAT, etc. To me it would seem easier to have the Adtran send all traffic to the Cisco, then let the Cisco do the rest (VPN, firewall, DHCP, DNS, etc.).
If you are sure about the network mask on the Adtran, here are the commands for bridging the Frame Relay Interface on the Adtran with the Ethernet Interface:
Use the bridge-group command to assign an interface to the specified bridge group. Use the no form of this command to remove the interface from the bridge group.
Specifies the bridge group (by number) to which to assign this interface.
Range is 1 to 255.
By default, there are no configured bridge groups.
Release 1.1 Command was introduced.
A bridged network can provide excellent traffic management to reduce collisions and limit the amount of bandwidth wasted with unnecessary transmissions when routing is not necessary. Any two interfaces can be bridged (e.g., Ethernet to T1 bridge, Ethernet to Frame Relay subinterface).
The following example assigns the Ethernet interface to bridge-group 17:
(config)#interface ethernet 0/1
(config-eth 0/1)#bridge-group 17
That's straight from the 3200 config guide. I'm not sure of the number of Ethernet Interfaces you have on the box, but I would try this on an Interface that's not currently in use. You need to bridge the spare Ethernet Interface with the Frame Relay Sub-Interface as per the guide notes.
It should then be a simple matter of adding your RVS to the bridged port and configuring one of the free IP addresses in the public range on the Internet facing interface of the RVS. This IP is what you will use to do the peering with the Site A RVS. Probably better to use a test subnet to verify VPN connectivity first then condemn your old Ethernet Interface on the Adtran and then let the RVS be the gateway for Site B.
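An added example (not from the thread or the Adtran guide): a check that the Site B addresses quoted above are assignable hosts in the same public block under the remembered mask, and which addresses in that block remain free for the RVS WAN interface once the Adtran is bridged. The 203.0.113. prefix is a constructed stand-in for the redacted X.X.24 octets, and the function names are illustrative.

```python
import ipaddress

# Constructed stand-in: the thread redacts the leading octets (X.X.24.*), so a
# documentation prefix is used. Only the last octet and the mask matter here.
PREFIX = "203.0.113."
MASK = "255.255.255.248"  # the poster gives this mask from memory


def classify(last_octet, mask=MASK):
    """Return (network, role) for PREFIX+last_octet under the given mask."""
    iface = ipaddress.ip_interface(f"{PREFIX}{last_octet}/{mask}")
    net = iface.network
    if iface.ip == net.network_address:
        role = "network address"
    elif iface.ip == net.broadcast_address:
        role = "broadcast address"
    else:
        role = "usable host"
    return net, role


def same_block(a, b, mask=MASK):
    """True when both last octets fall in the same public subnet."""
    return classify(a, mask)[0] == classify(b, mask)[0]


def free_hosts(last_octet, in_use, mask=MASK):
    """Assignable addresses in the block that are not already taken."""
    net, _ = classify(last_octet, mask)
    taken = {ipaddress.ip_address(f"{PREFIX}{o}") for o in in_use}
    return [str(h) for h in net.hosts() if h not in taken]


if __name__ == "__main__":
    for name, octet in (("Adtran", 179), ("Cisco", 176)):
        net, role = classify(octet)
        print(f"{name}: .{octet} in {net} -> {role}")
    print("same block:", same_block(179, 176))
    print("free for the RVS WAN side:", free_hosts(179, in_use=[179]))
```

Under 255.255.255.248 the .176 address comes out as the network address of the block, so the mask or that address needs confirming with the provider before it goes on the RVS. The provider's own gateway address, which the thread does not give, also has to be excluded from the free list.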
Makes sense I guess. Only problem is I only have one Ethernet port on the Adtran. If I change it to bridged mode, do I then lose my ability to administer it from the Ethernet side? Will all traffic automatically go to the Cisco?
I'm assuming this is done through telnet. Any previous commands I need? Any subsequent commands? I mean, anything I need to do to get the router into a mode where it's expecting these commands? Anything to do after I do these commands? I'm assuming, since this will bypass everything, if it doesn't work, all I have to do is type "bridge-group no"? I don't have the docs for this router.
It's pretty hefty. The routers usually have a console interface so you make your changes there once it's physically accessible. Pg. 1492 of the config guide in the link above provides the necessary steps to get to the interface configuration mode on the router.