02-10-2009 03:22 PM
Greetings,
I have 2 876 routers which connect through a GRE IPsec tunnel. Also the routers by default use the ISDN port as backup in case the DSL fails.
I have 2 questions:
a. If I add a 3rd site, do I need to configure a separate GRE tunnel/crypto map etc. or just add the details of the 3rd site to my existing config?
b. I saw that through SDM I only have the option of inserting the 'dial string' of the remote site. In this scenario I need to configure a dialer map for each remote site. Will it work on the 876 so that the central site dials 2 separate destinations?
Please reply if you have any info, because I am troubled whether I need to keep the 876 for my central site or upgrade to the 1841 model, which is quite expensive.
many thanks
themis
02-12-2009 06:28 AM
Hello,
876 routers support 10 ipsec tunnels so you won't need to upgrade.
To configure the new site, just add it as a separate VPN tunnel. I imagine you'll want to create a mesh? You can then set up your routing layer to reflect your chosen topology.
Thanks
02-20-2009 05:02 AM
Greetings and thanks for your quick reply. I am puzzled about 2 things.
1. My current tunnel from central to site 1 is in subnet 10.0.0.X / 255.255.255.252 (i.e. 10.0.0.1 and .2).
Can the new tunnel for site 2 be 10.0.0.3-4, or is a new subnet, e.g. 11.0.0.1-2, required?
2. I ran 'show startup config' and found 2 crypto isakmp policies. See below (I have replaced the real IP addresses with x1, x2, x3). How can I check which one is currently used?
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 group 2
crypto isakmp key xxxxx address x1
crypto isakmp key xxxxx address x2
crypto isakmp key xxxxx address x3
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to x2
 set peer x2
 set transform-set ESP-3DES-SHA
 match address 100
!
interface Tunnel1
 ip address 10.0.0.1 255.255.255.252
 qos pre-classify
 keepalive 1 3
 tunnel source Dialer1
 tunnel destination x2
!
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address xxxxxx 255.255.255.0
 ip access-group 107 in
 ip nat outside
 ip inspect SDM_MEDIUM out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication xxxx
 ppp chap hostname xxxxx
 ppp chap password 7 xxxxx
 ppp pap sent-username xxxxxx password 7 xxxx
 crypto map SDM_CMAP_1
I need to do this setup on an already configured router and my experience is basic so please be as descriptive as possible.
Again, thanks for your time :)
regards,
themis
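
The "separate VPN tunnel" approach from the earlier reply, applied to the configuration posted above, as an added example that is not from any poster in this thread. The names CENTRAL_PUBLIC_IP, SITE2_PUBLIC_IP and SITE2_PSK are placeholders, ACL number 101 is assumed to be unused, and access-list 100 (not shown in the post) is assumed to match GRE between the Dialer1 address and x2.

```cisco
! Added example for the central 876. Placeholders (not from the thread):
!   CENTRAL_PUBLIC_IP = address on Dialer1
!   SITE2_PUBLIC_IP   = public address of the new site's router
!   SITE2_PSK         = pre-shared key agreed with the new site
!   101               = ACL number assumed to be free on this router
!
! Pre-shared key for the new peer (same form as the existing key lines)
crypto isakmp key SITE2_PSK address SITE2_PUBLIC_IP
!
! Second entry (sequence 2) in the SAME crypto map. Dialer1 already has
! "crypto map SDM_CMAP_1" applied, and an interface takes only one crypto map.
crypto map SDM_CMAP_1 2 ipsec-isakmp
 description Tunnel to SITE2_PUBLIC_IP
 set peer SITE2_PUBLIC_IP
 set transform-set ESP-3DES-SHA
 match address 101
!
! Assumption: access-list 100 protects GRE towards x2; 101 mirrors it for site 2
access-list 101 permit gre host CENTRAL_PUBLIC_IP host SITE2_PUBLIC_IP
!
! Second GRE tunnel in its own /30. 10.0.0.0/30 is fully used by Tunnel1
! (.0 network, .1 and .2 hosts, .3 broadcast), so the next block is
! 10.0.0.4/30 with hosts .5 (central) and .6 (site 2).
interface Tunnel2
 ip address 10.0.0.5 255.255.255.252
 qos pre-classify
 keepalive 1 3
 tunnel source Dialer1
 tunnel destination SITE2_PUBLIC_IP
```

The inbound access-group 107 on Dialer1 is not shown in the post; whatever it permits for x2 would need a matching entry for the new peer.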