
VPN CONFIGURATION

tomocisco
Level 1

Hi Everybody, Happy New Year.

I have a challenge at my job which I believe someone will help me out with. I want to connect our remote branches to the head office using VPN, that is, we will tunnel through the internet. The truth is that this will be my first ever such VPN configuration and I need all the resources I can get to do it.

We have 3 remote branches to connect to the head office but we will start with one first and the success or otherwise will determine the deployment of the rest.

I recently acquired one static IP address from our ISP for the purpose of the VPN configuration to this first branch office.

My question is how many static IP addresses do I need to acquire for a VPN tunnel between two offices, and if I should think of connecting the 3 remote branches to the head office, how many static IP addresses would I need.

Attached is a sample configuration I got from a book. Please advise me on what you think: will it work when deployed on a live network? (I will test it using a simulator first before we run tests practically, i.e. before the final deployment and commissioning.)

Thanks for your help.

Tom

1 Reply

Latchum Naidu
VIP Alumni

Hi Tom,

Same to you.

If you have one public IP at your spoke site then no problem, you can still configure a VPN tunnel from the hub to the site.
In the same way, you need to have an IP for each site from the respective provider.
And at the hub site, I don't know how many you have, but one is enough.


Your attached configs for hub and spoke are fine. Please do simulate and deploy in production.


HEAD OFFICE CONFIG

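! IKE phase 1 policy: pre-shared key, SHA, AES-128, DH group 2
crypto isakmp policy 1
 authentication pre-share
 hash sha
 encryption aes 128
 group 2

! Pre-shared key for the remote site peer
crypto isakmp key seCReT address 172.16.171.20 255.255.255.255

! IPsec phase 2 transform set: ESP with AES-128 and SHA-HMAC
crypto ipsec transform-set aes_sha esp-aes 128 esp-sha-hmac

! Crypto map binding the peer, transform set and interesting-traffic ACL
crypto map VPN-to-R2 10 ipsec-isakmp
 set peer 172.16.171.20
 set transform-set aes_sha
 match address 101

! Internet-facing interface with the crypto map applied
interface FastEthernet0/0
 ip address 172.16.172.10 255.255.255.0
 crypto map VPN-to-R2

! Route to the remote LAN
ip route 10.1.2.0 255.255.255.0 172.16.171.20

! Interesting traffic: head office LAN to remote LAN
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255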

REMOTE SITE 1 CONFIG


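! IKE phase 1 policy: must match the head office policy
crypto isakmp policy 1
 authentication pre-share
 hash sha
 encryption aes 128
 group 2

! Pre-shared key for the head office peer
crypto isakmp key seCReT address 172.16.172.10 255.255.255.255

! IPsec phase 2 transform set: must match the head office transform set
crypto ipsec transform-set aes_sha esp-aes 128 esp-sha-hmac

! Crypto map binding the peer, transform set and interesting-traffic ACL
crypto map VPN-to-R1 10 ipsec-isakmp
 set peer 172.16.172.10
 set transform-set aes_sha
 match address 101

! Internet-facing interface with the crypto map applied
interface FastEthernet0/0
 ip address 172.16.171.20 255.255.255.0
 crypto map VPN-to-R1

! Route to the head office LAN
ip route 10.1.1.0 255.255.255.0 172.16.172.10

! Interesting traffic: remote LAN to head office LAN (mirror of the head office ACL)
access-list 101 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255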

Please rate if this helped you...


Regards,
Naidu.
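
A pre-deployment consistency check for a hub/spoke pair like the one in this thread, added here as an example (it is not from the original posts or from Cisco). It uses the thread's addresses in constructed, shortened configs and reports where the two ends disagree: peer address, key binding, shared key, and mirrored crypto ACLs. The function names are hypothetical.

```python
import re
# Constructed inputs: the thread's addresses, reduced to the lines checked.
HUB = """\
crypto isakmp key seCReT address 172.16.171.20
crypto map VPN-to-R2 10 ipsec-isakmp
 set peer 172.16.171.20
interface FastEthernet0/0
 ip address 172.16.172.10 255.255.255.0
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
"""
SPOKE = """\
crypto isakmp key seCReT address 172.16.172.10
crypto map VPN-to-R1 10 ipsec-isakmp
 set peer 172.16.172.10
interface FastEthernet0/0
 ip address 172.16.171.20 255.255.255.0
access-list 101 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
"""
# Constructed failure case: spoke key bound to its own address, not the hub's.
SPOKE_BAD = SPOKE.replace("address 172.16.172.10", "address 172.16.171.20")

def grab(pattern, cfg):
    m = re.search(pattern, cfg, re.M | re.I)
    return m.groups() if m else ()  # () when the line is absent

def parse(cfg):
    """Fields that both ends of a site-to-site tunnel must agree on."""
    return {
        "key": grab(r"^crypto isakmp key (\S+) +address (\S+)", cfg),
        "peer": grab(r"^ *set peer (\S+)", cfg),
        "ip": grab(r"^ *ip address (\S+)", cfg),
        "acl": grab(r"^access-list \d+ permit ip (\S+) +(\S+) +(\S+) +(\S+)", cfg),
    }

def check(a_cfg, b_cfg):
    """Return a list of mismatches between router A and router B."""
    a, b = parse(a_cfg), parse(b_cfg)
    problems = []
    for name, me, other in (("A", a, b), ("B", b, a)):
        if me["peer"] != other["ip"]:
            problems.append(f"{name}: set peer is not the other side's address")
        if me["key"][1:] != me["peer"]:
            problems.append(f"{name}: isakmp key is not bound to the configured peer")
    if a["key"][:1] != b["key"][:1]:
        problems.append("pre-shared keys differ")
    if a["acl"] != b["acl"][2:] + b["acl"][:2]:
        problems.append("crypto ACLs are not mirror images")
    return problems

if __name__ == "__main__": print(check(HUB, SPOKE_BAD))
```

An empty list means the two ends agree on these fields; it does not check the ISAKMP policy or transform set, which must also match.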
