cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
543
Views
0
Helpful
4
Replies

set up LAN-TO-LAN vpn

332953358
Beginner
Beginner

Hello, everyone. I have a problem,I want to set up a LAN。But,I encountered difficulties。Central route Cisco 2801 have fixed IP,Spoke Route cisco WRV210 Wireless-G is dynamic IP,How to set up lan-to-lan VPN? The WRV210 route supports IPSecVPN. Thanks. 

1 Accepted Solution

Accepted Solutions

Georg Pauwen
VIP Master VIP Master
VIP Master

Hello,

 

here is a sample configuration for your 2801 router. Keep in mind that in this setup, the connection can only be initiated from the remote router. The alternative would be to deploy DDNS on the remote site.

 

HQ#

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 21
!
crypto isakmp key ciscovpn address 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
mode tunnel
!
crypto dynamic-map HQ-VPN 10
set security-association lifetime seconds 86400
set transform-set TS
match address VPN_TRAFFIC
!
crypto map VPN 1 ipsec-isakmp dynamic HQ-VPN
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
crypto map VPN
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip access-list extended VPN_TRAFFIC
permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end

View solution in original post

4 Replies 4

In Central Site,

Config dynamic map with pre-shared key 0.0.0.0

In remote site config staitc crypto map

Georg Pauwen
VIP Master VIP Master
VIP Master

Hello,

 

here is a sample configuration for your 2801 router. Keep in mind that in this setup, the connection can only be initiated from the remote router. The alternative would be to deploy DDNS on the remote site.

 

HQ#

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 21
!
crypto isakmp key ciscovpn address 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
mode tunnel
!
crypto dynamic-map HQ-VPN 10
set security-association lifetime seconds 86400
set transform-set TS
match address VPN_TRAFFIC
!
crypto map VPN 1 ipsec-isakmp dynamic HQ-VPN
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
crypto map VPN
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip access-list extended VPN_TRAFFIC
permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end

Thank you very much,I've configured it, but I still can't set up a tunnel. Configuration is as follows,What went wrong?1.png2.png3.png4.png

From Wrv210 ping central router,

Ping remote lan this make tunnel active.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers