A Virtual Private Network (VPN) is a connection between two endpoints (a VPN Router, for instance) in different networks that allows private data to be sent securely over a shared or public network, such as the Internet. This establishes a private network that can send data securely between these two locations or networks. This is done by creating a "tunnel". A VPN tunnel connects the two PCs or networks and allows data to be transmitted over the Internet as if it were still within those networks. It is not a literal tunnel; it is a connection secured by encrypting the data sent between the two networks.
To set up a VPN Tunnel on a Cisco Small Business router you need to perform four steps:
- Connecting Devices Together
- Verifying the VPN Settings Needed on the Two Routers
- Configuring VPN Tunnel settings on Router A
- Configuring VPN Tunnel settings on Router B
Connecting Devices Together
Before connecting to a VPN tunnel you need to ensure that there is an active Internet connection between the two routers that will communicate. After ensuring that there is an active Internet connection, you need to verify the VPN settings. To verify the VPN settings of the two routers, follow the instructions below.
Verifying the VPN Settings Needed on the Two Routers
Step 1:
Access the router's web-based setup page. For instructions click here.
Step 2:
Click Status then click Gateway and take note of the Internet/WAN IP Address.
Step 3:
Click Status then click Local Network and take note of the IP Address.
Router A's Status page:
Router B's Status Page:
Step 4:
Make sure the Local IP Addresses of the two routers are different. Take note that the Local IP Address of Router A will be Router B's Remote Secure Group.
In this example, we will use the following:
Step 5:
After verifying the settings needed to set up a tunnel, you need to configure the settings on Router A. For instructions, follow the steps below.
Configuring VPN Tunnel settings on Router A
Step 1:
Access the router's web-based setup page. For instructions, click here.
Step 2:
When the router's web-based setup page appears, click Security then click VPN.
Step 3:
Select the Tunnel entry you wish to create.
Step 4:
Look for VPN Tunnel then select Enabled.
Step 5:
Under Tunnel Name, enter the name you want to give your tunnel. In this example "Tunnel 1" was used.
Step 6:
Look for Local Secure Group and select either Subnet, IP Addr. or IP Range depending on your preference, then in the IP fields enter the Local IP address of your router. In this example "192.168.1.0" was used.
Note: The setting you assign to the Local Secure Group will vary with the type of configuration you want to assign to your router.
Step 7:
Under Mask enter the Subnet Mask of your router. In this example "255.255.255.0" was used.
Step 8:
Under Remote Secure Group, select either Subnet, IP Addr., IP Range, Host or Any, then in the fields provided enter the appropriate values of the remote router. In this example, we selected Subnet and entered "192.168.2.0" for the IP and "255.255.255.0" for the Mask.
Step 9:
Look for Mask and enter the Subnet Mask of the remote router. In this example "255.255.255.0" was used.
Step 10:
Look for Remote Security Gateway and select either IP Addr., FQDN, or Any depending on your preference, then in the IP Address field, enter the WAN/Internet IP address of the remote router. In this example "10.100.16.60" was used.
Step 11:
Under Encryption, select the encryption level you wish to enable on your tunnel. In this example we used DES.
Note: Make sure the Encryption level selected is the same as on the router you wish to establish a VPN tunnel with.
Step 12:
Under Authentication, select the authentication mode you wish to enable on your tunnel. In this example we used MD5.
Note: Make sure the Authentication mode selected is the same as on the router you wish to establish a VPN tunnel with.
Step 13:
Under Key Management, select Auto (IKE).
Step 14:
Make sure PFS (Perfect Forward Secrecy) is Enabled. This will ensure that the initial key exchange and IKE proposals are secured. Then under Pre-shared Key enter the key you want to enable on your tunnel. In this example "MySecretKey" was used.
Step 15:
Under Key Lifetime, enter the time period after which you want the key on your tunnel to expire. In this example "3600" was used.
Note: Make sure the Pre-shared Key and Key Lifetime entered are the same as on the remote router.
Step 16:
Click Save Settings.
Step 17:
Click Connect.
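A pre-flight check for the values collected in the steps above, as an added example that is not part of the original guide: it confirms that the two routers' settings mirror each other and flags the weak algorithms used in the walkthrough (DES, MD5). The field names, Router A's WAN address and the whole of Router B's settings are assumptions made for illustration.

```python
import ipaddress

# DES (56-bit key) and MD5 are considered weak today; flagged, not rejected.
WEAK = {"encryption": {"DES"}, "authentication": {"MD5"}}
MUST_MATCH = ("encryption", "authentication", "pfs", "psk", "key_lifetime")

def check_tunnel(a, b):
    """Return a list of problems found in two routers' tunnel settings."""
    problems = [f"mismatch: {f}" for f in MUST_MATCH if a[f] != b[f]]
    net = ipaddress.ip_network          # accepts "192.168.1.0/255.255.255.0"
    # Each Remote Secure Group must equal the peer's Local Secure Group, and
    # each Remote Security Gateway must be the peer's Internet/WAN IP address.
    for x, y, nx, ny in ((a, b, "A", "B"), (b, a, "B", "A")):
        if net(x["remote_group"]) != net(y["local_group"]):
            problems.append(f"{nx} remote group != {ny} local group")
        if ipaddress.ip_address(x["remote_gateway"]) != ipaddress.ip_address(y["wan_ip"]):
            problems.append(f"{nx} remote gateway != {ny} WAN IP")
    if net(a["local_group"]).overlaps(net(b["local_group"])):
        problems.append("local subnets overlap")   # the two LANs must differ
    for field, weak in WEAK.items():
        for value in sorted({a[field], b[field]} & weak):
            problems.append(f"weak {field}: {value}")
    if not (a["pfs"] and b["pfs"]):
        problems.append("PFS disabled")
    return problems

# Router A: values from the walkthrough; wan_ip is a constructed placeholder
# because the page does not give Router A's WAN address.
ROUTER_A = dict(wan_ip="203.0.113.10", local_group="192.168.1.0/255.255.255.0",
                remote_group="192.168.2.0/255.255.255.0",
                remote_gateway="10.100.16.60", encryption="DES",
                authentication="MD5", pfs=True, psk="MySecretKey",
                key_lifetime=3600)
# Router B: assumed mirror image of Router A (its settings are not on the page).
ROUTER_B = dict(ROUTER_A, wan_ip="10.100.16.60",
                local_group="192.168.2.0/255.255.255.0",
                remote_group="192.168.1.0/255.255.255.0",
                remote_gateway="203.0.113.10")

if __name__ == "__main__":
    for p in check_tunnel(ROUTER_A, ROUTER_B) or ["no problems found"]:
        print(p)
```

With the walkthrough's values the two ends match, so the only findings are the DES and MD5 selections; choosing the strongest encryption and authentication options both routers offer clears them.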