Re: Outbound VPN connection from 3005 Concentrator

bberry · ‎10-14-2004

I need to create a VPN tunnel between our 3005 Concentrator and a Cisco 7100 router. I am working through the Concentrator to Router config guide but have a question. The PC behind the Concentrator that needs the tunnel, how does its traffic initiate the tunnel?? We currently use dial-in access to a vendor. This is being replaced by a VPN connection. At least that is the request/plan.

sachinraja · ‎10-17-2004

Hello..

On the VPN concentrator, you will create network lists, which specifies the source and destination IP addresses , which will trigger the IPSEC tunnel. These are called interesting traffic.

1) first you need to create network lists from configuration-policy management-traffic management - network lists.. here you add the local and the remote network addresses.

2) when configuring the IPSEC LAN-LAN parameters, you include the network lists configured on the local / remote network boxes.

You can refer to the following URL:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009482e.shtml#vpncon

So , your PC's IP address behind the concentrator will be added to the local address list , which will force the concentrator to initialise the tunnel..

bberry · ‎10-18-2004

Then I will need to place static routes in my network for that IP address & ports to the Concentrator? We have a single point of presence on the internet located here at our corporate office. This server is located one more hop behind that and I only want application specific traffic to travel the VPN connection.

sachinraja · ‎10-24-2004

Hello berry

static routes are definitely required if the source server is in some other network (apart from the vpn concentrator's inside network).. from the VPN concentrator, you need to have IP connection to your IPSEC peer on the internet.. thats it !!