Re: Router to router VPN with Client option?

awyle · ‎02-21-2005

Hi is it possible to use a 2600 or 1700 to create VPN's? I would have about 2 routers connecting in and 2 clients. if so is the any config examples?

Thanks

Gus

gfullage · ‎02-24-2005

There's lots of sample configs here:

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Internetworking:IPSec&s=Implementation_and_Configuration

Specifically, the following one looks like what you want:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094685.shtml

c.hamoeller · ‎02-25-2005

here is a simple basic config that might help you, just remember you will have to change it a little for your 2600. This will work on 1700 directly. Also this is used for connecitons over dsl, cable and so forth, private lines would be the tunnel source if you are using them.

!

crypto isakmp policy 25

encr 3des

hash md5

authentication pre-share

crypto isakmp key address destination host ! ISAKmp

!

crypto ipsec transform-set ANES esp-3des esp-md5-hmac

mode transport

!

crypto map GRE 50 ipsec-isakmp

description Tunnel to destination host

set peer destination host ip

set transform-set ANES

match address -GRE

!

interface Loopback0

description Connectionless IP Circuit for

ip address 255.255.255.252

!

interface Tunnel0

description GRE Tunnel to destination Tunnel # from

bandwidth 1024

ip address 255.255.255.252

ip mtu 1440

ip hello-interval eigrp 1 4

ip hold-time eigrp 1 10

ip route-cache flow

no ip route-cache

no ip mroute-cache

tunnel source Ethernet 0

tunnel destination

crypto map GRE

!

interface Ethernet0

description Public Network Interface to NOC # Acct. #

ip address

no ip directed-broadcast

ip access-group 115 in

no shutdown

crypto map GRE

!

interface FastEthernet0

description Protected Network

ip address

no ip directed-broadcast

no shutdown

!

ip route 255.255.255.255 ! ISP's ,

!

access-list 3 remark Telnet Access to VTY's

access-list 3 permit ! Local ,

access-list 3 permit

!

ip access-list extended GRE

remark Encrypt GRE Traffic from Remote Site to host site

permit gre host destination host ip ! of Ethernet 0

!

access-list 115 remark Permits and Established from the Internet

access-list 115 permit icmp any host unreachable ! IP Address of Public Interface

access-list 115 permit icmp any host echo-reply ! IP Address of Public Interface

access-list 115 permit icmp any host packet-too-big ! IP Address of Public Interface

access-list 115 permit icmp any host time-exceeded ! IP Address of Public Interface

access-list 115 permit icmp any host traceroute ! IP Address of Public Interface

access-list 115 permit icmp any host administratively-prohibited ! IP Address of Public Interface

access-list 115 permit icmp any host echo ! IP Address of Public Interface

access-list 115 permit tcp host destination host eq telnet ! IP Address of Public Interface

access-list 115 permit udp host destination host host eq isakmp ! IP Address of Public Interface

access-list 115 permit gre host destination host host ! IP Address of Public Interface

access-list 115 permit esp host destination host host ! IP Address of Public Interface

access-list 115 deny ip 127.0.0.0 0.255.255.255 any

access-list 115 deny ip any any