07-17-2001 02:10 PM - edited 02-21-2020 11:22 AM
Here is the situation: We have several branch offices within our organization that are connected to our main building via 10mb ethernet fiber connections through a county network (they used to be 56k frame). Our main building has a 3620, while the branch offices have 1605s (IOS ver. 12.0(8)). We would like to add VPN to these connections, to add better security and eliminate the NATs (the county was sparse with IPs, so we have to use overloads, which are causing us problems with network trusts). From what I have read so far, the only additional things we would need are a VPN module for the 3620 and an IOS upgrade on the 1605s. Would this be a correct assumption? Or is there more that we would need to make this happen?
Sorry for the length and thanks in advance.
07-17-2001 11:10 PM
Both the 3620 and 1605 would only need an IOS upgrade to enable VPN (IPSEC). But you have to check if your DRAM and FLASH on both routers can handle the new IOS, if not... if you have to upgrade.

The VPN module for the 3620 is needed if you want to offload the CPU processing of the 3620 to the VPN module. This makes things faster for the 3620.
07-18-2001 04:27 AM
Thanks for the info. I have two more questions. First, where could I find info regarding the requirements for an IOS upgrade? And secondly, where could I find router config info on VPN? I found some info on cisco.com, but they usually have examples on their web site, which I cannot find.
Thanks again.
07-18-2001 09:05 PM
07-19-2001 04:29 AM
Thank you for the info. Unfortunately I do not meet any of the requirements to sign up for that part of the web site. Anyway, I appreciate all your help.
07-20-2001 12:58 AM
For info on router config, try http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration
07-20-2001 06:53 AM
There are a few more things I'm having trouble understanding. If we create VPN tunnels between routers, can you create "virtual circuits" on a single interface on your main router for VPN, like you would create a point-to-point virtual circuit for frame-relay?
And once the tunnel is created between two routers, is it like having a dedicated circuit?
The next thing is, are there any service limitations over vpn? Can you have ipx and netbios traffic travel over tunnel with no problems?
Thanks in advance.
07-23-2001 08:15 AM
Regarding service limitations: Cisco VPN solutions using IPSEC are only suited to TCP/IP. To route IPX/NetBEUI or even AppleTalk, you would have to create a GRE tunnel on your router instead of an IPSEC tunnel.
An established "tunnel" end to end is a dedicated connection.
W.r.t. your first Q, you can use IPSEC and IKE to establish the various VPN connections on your router serial port. More than one connection is possible; it is all configured in the IOS. But make sure you are using TCP/IP. Why would you want to route IPX... Novell works just fine with TCP/IP.
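The two tunnel types discussed in this thread can be combined, shown here as an added example that is not part of any reply: a GRE tunnel carries the non-IP traffic, and an IPsec crypto map encrypts the GRE packets between the two routers. Addresses, interface names, the IPX network number, and the pre-shared key are constructed placeholders, and the branch router needs the mirror-image configuration.

```cisco
! Hub router (constructed example; all values are placeholders)
!
! IKE phase 1: how the two routers authenticate each other
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <PRESHARED-KEY> address 198.51.100.2
!
! IPsec phase 2: how the protected traffic is encrypted and authenticated
crypto ipsec transform-set BRANCH-TS esp-3des esp-sha-hmac
!
! Select only the GRE packets between the two tunnel endpoints.
! Everything routed into Tunnel0 (IP, IPX) is inside those GRE packets.
access-list 110 permit gre host 192.0.2.1 host 198.51.100.2
!
crypto map BRANCH-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set BRANCH-TS
 match address 110
!
! GRE tunnel: one point-to-point logical interface per branch.
! GRE by itself only encapsulates; it does not encrypt.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ipx network 100
 tunnel source Ethernet0/0
 tunnel destination 198.51.100.2
 ! IOS releases before 12.2(13)T also need the crypto map on the tunnel
 crypto map BRANCH-MAP
!
! Physical interface facing the county network
interface Ethernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map BRANCH-MAP
```

Additional branches each get their own `Tunnel` interface, access list, and crypto map sequence number on the same physical interface; `ipx network` also requires `ipx routing` globally and an IOS feature set that includes IPX.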
07-24-2001 05:13 AM
I was just wondering about the IPX. There is an outside office we connect to that uses IPX, but it is the only one, and we will probably not use the VPN for it, but I wanted to know either way.
As far as Netbios goes, it is the reason why we are looking into this VPN solution. I just want to make sure that this VPN solution supports all the port ranges for netbios over tcp/ip, especially 135-139 for trust relationships.
Is the GRE tunnel as secure as IPSec, or is that "open"? Or do you have to configure it to be secure?
Thank you.