Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
597
Views
0
Helpful
5
Replies

Example VPN config help

jamesgonzo
Level 1
Level 1

‎04-25-2009 11:28 PM

Hello, I hope someone can put me in the right direction here.

I will be configuring a Cisco 2621 router that will need to have a VPN connection to a Cisco ASA firewall. I was wondering if anyone has a simple config I could use based on the following settings, I am trying this in a lab first so the outside ports are in a hib at the moment:

ASA:

LAN - 192.168.200.0/24

Outside IP - 1.1.1.1 (example IP)

AES-256/SHA

DH-Group 5

Pre-shared Key - cisco

Router:

LAN - 10.10.10.0/24

Outside IP - 2.2.2.2

Let me know if I have missed anything.

Labels:
0 Helpful
5 Replies 5

jamesgonzo
Level 1
Level 1
In response to andrew.prince

‎04-26-2009 02:14 AM

Thanks for spending the time to answer my post.

It will be a static to staic site-to-site VPN not dynamic.

In my lab I think I will have to give both peer IP's (outside ports into hub) an address in the same subnet so they can commuicate?

0 Helpful

andrew.prince
Level 10
Level 10
In response to jamesgonzo

‎04-26-2009 02:23 AM

Not really - all you need is a x-over cable and some default static routes.

e.g ASA:-

Outside Interface

IP address 1.1.1.1 255.255.255.0

route outside 0.0.0.0 0.0.0.0 1.1.1.1

E.G Router:-

int eth 0/0 or fa 0/0

ip address 2.2.2.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 eth 0/0 or fa 0/0

The above instructs the device to pass default traffic out the respective interfaces and "arp" for the mac using the specific IP or interface - since they are on a hub or x-over the remote side will respond.

HTH>

0 Helpful

jamesgonzo
Level 1
Level 1
In response to andrew.prince

‎04-26-2009 02:32 AM

Thanks.

Sorry for the silly question but if 1.1.1.1 and 2.2.2.2 go into a hub how will they ping each other as they are on different subnets?

0 Helpful

andrew.prince
Level 10
Level 10
In response to jamesgonzo

‎04-26-2009 04:33 AM

Not a silly question if you do not know - but you are missing some of the basic priciples.

Even though it's not proper english - you should never answer a question with a question, but this time it's fitting to do so...so let me ask you:-

What is a broadcast domain?

What is ARP?

Knowing the concepts/operation of the above will answer your question.

HTH>

0 Helpful
Customers Also Viewed These Support Documents