02-04-2011 01:14 AM - edited 03-06-2019 03:21 PM
Hi Everybody, Happy New Year.
I have a challenge at my job which I believe someone will help me out with. I want to connect our remote branches to the head office using VPN, that is, we will tunnel through the Internet. The truth is that this will be my first ever such VPN configuration and I need all the resources I can get to do it.
We have 3 remote branches to connect to the head office but we will start with one first and the success or otherwise will determine the deployment of the rest.
I recently acquired one static IP address from our ISP for the purpose of the VPN configuration to this first branch office.
My question is how many static IP addresses do I need to acquire for a VPN tunnel between two offices, and if I should think of connecting the 3 remote branches to the head office, how many static IP addresses would I need?
Attached is a sample configuration I got from a book. Please advise me on what you think: will it work when deployed on a live network? (I will test it using a simulator first before we run tests practically, i.e. before the final deployment and commissioning.)
Thanks for your help.
Tom
02-04-2011 01:48 AM
Hi Tom,
Same to you..
If you have one public IP at your spoke site then no problem, you can still configure a VPN tunnel from hub to site.
Like this, you need to have an IP for each site from the respective provider.
And at the hub site, I don't know how many you have, but one is enough.
Your attached configs for hub and spoke are fine. Please do simulate and deploy in production.
HEAD OFFICE CONFIG
! IKE phase 1 policy (must match the remote site)
crypto isakmp policy 1
 authentication pre-share
 hash sha
 encryption aes 128
 group 2
! Pre-shared key for the remote site peer
crypto isakmp key seCReT address 172.16.171.20 255.255.255.255
! IPsec phase 2 transform set
crypto ipsec transform-set aes_sha esp-aes 128 esp-sha-hmac
crypto map VPN-to-R2 10 ipsec-isakmp
 set peer 172.16.171.20
 set transform-set aes_sha
 match address 101
interface FastEthernet0/0
 ip address 172.16.172.10 255.255.255.0
 crypto map VPN-to-R2
ip route 10.1.2.0 255.255.255.0 172.16.171.20
! Traffic to protect: head office LAN to remote LAN
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
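REMOTE SITE 1 CONFIG
! IKE phase 1 policy (must match the head office)
crypto isakmp policy 1
 authentication pre-share
 hash sha
 encryption aes 128
 group 2
! Pre-shared key for the head office peer
crypto isakmp key seCReT address 172.16.172.10 255.255.255.255
! IPsec phase 2 transform set
crypto ipsec transform-set aes_sha esp-aes 128 esp-sha-hmac
crypto map VPN-to-R1 10 ipsec-isakmp
 set peer 172.16.172.10
 set transform-set aes_sha
 match address 101
interface FastEthernet0/0
 ip address 172.16.171.20 255.255.255.0
 crypto map VPN-to-R1
! Route to the head office LAN via the head office peer
ip route 10.1.1.0 255.255.255.0 172.16.172.10
! Traffic to protect: remote LAN to head office LAN (mirror of the head office ACL)
access-list 101 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255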
Please rate if this helped you...
Regards,
Naidu.
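A pre-deployment check for a pair of site-to-site configs like the ones in this thread, as an added example that is not part of either post: it verifies that each side's peer, pre-shared key binding, crypto ACL and proposals match or mirror the other side's. The names `parse`, `check_pair` and `TEMPLATE` are hypothetical, the sample configs are constructed with documentation addresses and a placeholder key, and it assumes one crypto map entry, one addressed interface and one ACL line per router.

```python
import re
def parse(cfg):
    """Extract the settings that must match or mirror between the two peers."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M | re.I)
        return m.groups() if m else ()
    return {
        "peer": grab(r"^\s*set peer (\S+)"),
        "key": grab(r"^\s*crypto isakmp key (\S+) address (\S+)"),
        "local": grab(r"^\s*ip address (\S+)"),
        "acl": grab(r"^\s*access-list \d+ permit ip (\S+ \S+) (\S+ \S+)"),
        "phase1": sorted(re.findall(
            r"^\s*((?:authentication|hash|encryption|group) .+?)\s*$", cfg, re.M | re.I)),
        "phase2": grab(r"^\s*crypto ipsec transform-set \S+ (.+?)\s*$"),
    }

def check_pair(a_cfg, b_cfg):
    """Return the mismatches that would keep the tunnel from coming up."""
    a, b = parse(a_cfg), parse(b_cfg)
    checks = [
        (a["peer"] != b["local"], "A: set peer is not B's interface address"),
        (b["peer"] != a["local"], "B: set peer is not A's interface address"),
        (a["key"][1:] != a["peer"], "A: pre-shared key is not bound to A's peer"),
        (b["key"][1:] != b["peer"], "B: pre-shared key is not bound to B's peer"),
        (a["key"][:1] != b["key"][:1], "pre-shared keys differ"),
        (a["acl"] != b["acl"][::-1], "crypto ACLs are not mirror images"),
        (a["phase1"] != b["phase1"] or a["phase2"] != b["phase2"], "proposals differ"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed sample configs: documentation addresses and a placeholder key.
TEMPLATE = """crypto isakmp policy 1
 authentication pre-share
 hash sha
 encryption aes 128
 group 2
crypto isakmp key EXAMPLE-KEY address {keyaddr}
crypto ipsec transform-set aes_sha esp-aes 128 esp-sha-hmac
crypto map VPN 10 ipsec-isakmp
 set peer {peer}
 set transform-set aes_sha
 match address 101
interface FastEthernet0/0
 ip address {me} 255.255.255.0
 crypto map VPN
access-list 101 permit ip {src} 0.0.0.255 {dst} 0.0.0.255
"""
HQ = TEMPLATE.format(me="192.0.2.1", peer="198.51.100.1", keyaddr="198.51.100.1", src="10.1.1.0", dst="10.1.2.0")
BRANCH = TEMPLATE.format(me="198.51.100.1", peer="192.0.2.1", keyaddr="198.51.100.1", src="10.1.2.0", dst="10.1.1.0")
print(check_pair(HQ, BRANCH))  # BRANCH binds the key to its own address
```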