Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
786
Views
0
Helpful
4
Replies

set up LAN-TO-LAN vpn

Go to solution
332953358
Spotlight
Spotlight

‎05-29-2022 06:17 AM

Hello, everyone. I have a problem,I want to set up a LAN。But,I encountered difficulties。Central route Cisco 2801 have fixed IP,Spoke Route cisco WRV210 Wireless-G is dynamic IP,How to set up lan-to-lan VPN? The WRV210 route supports IPSecVPN. Thanks. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎05-29-2022 10:05 AM

Hello,

 

here is a sample configuration for your 2801 router. Keep in mind that in this setup, the connection can only be initiated from the remote router. The alternative would be to deploy DDNS on the remote site.

 

HQ#

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 21
!
crypto isakmp key ciscovpn address 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
mode tunnel
!
crypto dynamic-map HQ-VPN 10
set security-association lifetime seconds 86400
set transform-set TS
match address VPN_TRAFFIC
!
crypto map VPN 1 ipsec-isakmp dynamic HQ-VPN
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
crypto map VPN
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip access-list extended VPN_TRAFFIC
permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end

View solution in original post

0 Helpful
4 Replies 4

Go to solution
MHM Cisco World
VIP
VIP

‎05-29-2022 06:25 AM

In Central Site,

Config dynamic map with pre-shared key 0.0.0.0

In remote site config staitc crypto map

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎05-29-2022 10:05 AM

Hello,

 

here is a sample configuration for your 2801 router. Keep in mind that in this setup, the connection can only be initiated from the remote router. The alternative would be to deploy DDNS on the remote site.

 

HQ#

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 21
!
crypto isakmp key ciscovpn address 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
mode tunnel
!
crypto dynamic-map HQ-VPN 10
set security-association lifetime seconds 86400
set transform-set TS
match address VPN_TRAFFIC
!
crypto map VPN 1 ipsec-isakmp dynamic HQ-VPN
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
crypto map VPN
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip access-list extended VPN_TRAFFIC
permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
transport input none
!
no scheduler allocate
!
end

0 Helpful

Go to solution
332953358
Spotlight
Spotlight
In response to Georg Pauwen

‎05-29-2022 08:07 PM

Thank you very much,I've configured it, but I still can't set up a tunnel. Configuration is as follows,What went wrong?1.png2.png3.png4.png

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎05-30-2022 02:13 AM

From Wrv210 ping central router,

Ping remote lan this make tunnel active.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents