cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1163
Views
4
Helpful
6
Replies

Cisco router IOS IPSec VPN configuration

Difan Zhao
Level 5
Level 5

Hi experts,

I haven't configured the VPN for a long time on the routers so I want your recommendation for best practice.

I need to run OSPF on top of it so it has to be GRE over IPSec

I googled and I see old type of config that I used to do with use of crypto map. Then I see config with Ipsec profile which is applied to the tunnel interface (tunnel protection). I also see on the manual about isakmp profile...

Is there a configuration example that you can provide? This is site to site VPN with most basic PAT on the interface for the remote office to surf Internet. My routers are fairly recent. One is 2821 with newest 12.4 T code and another is 2921 router.

Thanks,

1 Accepted Solution

Accepted Solutions

Hi!

I didn't have one that exactly matched your needs, but I made one. I configured it by hand so there might be some config-errors.

View solution in original post

6 Replies 6

Thanks Andrew! I am reading the document and it is very helpful

Hi!

I didn't have one that exactly matched your needs, but I made one. I configured it by hand so there might be some config-errors.

Hey Henrik, you just did my work for me... Thanks a lot

One more question, MTU, TCP adjust on the tunnel interface, do you have the value handy? My Internet facing interface has MTU size of 1500 bytes

Thanks,

No problems

I'm not an expert at mtu-sizes, so I'm not the right person to ask, sorry.

Hello Difan,

the GRE overhead are 24 bits, so regular MTU ( 1500 less GRE overhead)

It will give us the rigth MTU size for your tunnel interface running GRE 1476

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC