VPN over My Internet Gateway Interface

Discussion in 'Cisco' started by gferragut, Aug 7, 2007.

  1. gferragut

    gferragut Guest

    I'm trying to establish a VPN peer-to-peer over my internet serial
    connection. The problem is when I start the VPN, all the traffic
    between the internet and my LAN is down. What can I do to mount
    the VPN over the internet gateway and not block the internet
    connection?

    I'm using a 2811 router.
    Thank you, Best Regards
    gferragut, Aug 7, 2007
    #1

  2. gferragut

    Scott Perry Guest

    Following the ideas of ITIL (Information Technology Infrastructure Library),
    I believe the term is site to site VPN meaning that a whole network is being
    connected to a whole network over a VPN connection of whatever type is
    specified. This is in contrast to a RAS VPN where one individual host out in
    the world establishes a VPN back to a network.

    There are many ways to do a VPN connection and many protocols to do it with.
    I am providing a sample of a 3DES encrypted and MD5 hash site to site VPN
    connection which uses a crypto map with an address range applied to an
    interface, similar to what you mentioned. You need an IOS image such as
    Advanced Security, Advanced IP Services, or Advanced Enterprise Services for
    this.

    ---

    crypto isakmp policy 10
     encr 3DES
     hash MD5
     authentication pre-share
     group 2
    !
    crypto ipsec transform-set MD5-3DES ah-MD5-hmac esp-3DES
     mode transport

    ---
    The above section is the setup for all connections. Below are the specifics
    for this connection using the global settings above.
    ---

    crypto isakmp key secretword address 12.2.2.2
    !
    ip access-list extended vpn-acmeinc
     permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    !
    crypto map acmeinc 10 ipsec-isakmp
     set peer 12.2.2.2
     set transform-set MD5-3DES
     match address vpn-acmeinc
    !
    interface Serial0
     crypto map acmeinc
    !
    ip route 192.168.2.0 255.255.255.0 Serial0

    --

    ===========
    Scott Perry
    ===========
    Indianapolis, Indiana
    ________________________________________
    "gferragut" <> wrote in message
    news:...
    > I'm trying to establish a VPN peer-to-peer over my internet serial
    > connection. The problem is when I start the VPN, all the traffic
    > between the internet and my LAN is down. What can I do to mount
    > the VPN over the internet gateway and not block the internet
    > connection?
    >
    > I'm using a 2811 router.
    > Thank you, Best Regards
    >
    Scott Perry, Aug 7, 2007
    #2

  3. gferragut

    Scott Perry Guest

    I believe the actual term is site-to-site VPN, not peer-to-peer. My
    criticism is only to ensure accuracy so that we are all speaking in the same
    terms. I think that is why the ITIL system was started.

    crypto isakmp policy 10
     encr 3DES
     hash MD5
     authentication pre-share
     group 2
    !
    crypto ipsec transform-set MD5-3DES ah-MD5-hmac esp-3DES
     mode transport
    !
    crypto isakmp key secretword address 12.2.2.2
    crypto map acmeinc 10 ipsec-isakmp
     set peer 12.2.2.2
     set transform-set MD5-3DES
     match address vpn-acmeinc
    !
    interface Serial0
     crypto map acmeinc
    !
    ip access-list extended vpn-acmeinc
     permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    !
    ip route 192.168.2.0 255.255.255.0 Serial0


    --

    ===========
    Scott Perry
    ===========
    Indianapolis, Indiana
    ________________________________________
    "gferragut" <> wrote in message
    news:...
    > I'm trying to establish a VPN peer-to-peer over my internet serial
    > connection. The problem is when I start the VPN, all the traffic
    > between the internet and my LAN is down. What can I do to mount
    > the VPN over the internet gateway and not block the internet
    > connection?
    >
    > I'm using a 2811 router.
    > Thank you, Best Regards
    >
    Scott Perry, Aug 7, 2007
    #3
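
Added example, not part of any post in this thread and not the poster's or Cisco's code: a small Python check over the sample configuration posted above. It evaluates which outbound flows the crypto ACL vpn-acmeinc selects for IPsec (anything it does not match, Internet-bound traffic included, leaves Serial0 unencrypted) and lists the 3DES, MD5 and DH group 2 settings, which are legacy choices today. The function names and the embedded CONFIG text are constructed for this illustration, and only the "address wildcard" form of ACL entries is parsed.

```python
import ipaddress
import re

# Constructed input: the crypto-related lines of the sample posted in the thread.
CONFIG = """\
crypto isakmp policy 10
 encr 3DES
 hash MD5
 group 2
crypto ipsec transform-set MD5-3DES ah-MD5-hmac esp-3DES
crypto map acmeinc 10 ipsec-isakmp
 match address vpn-acmeinc
ip access-list extended vpn-acmeinc
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
ACE = re.compile(r"^\s+(permit|deny) ip (\S+) (\S+) (\S+) (\S+)\s*$")
# Settings this example treats as legacy (the editor's list, not the poster's).
WEAK = {r"\b3des\b": "3DES cipher", r"\bmd5\b": "MD5 hash",
        r"^\s*group 2\s*$": "1024-bit DH group 2"}

def _as_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _matches(ip, base, wildcard):
    # In an IOS wildcard mask a 1 bit means "ignore this bit".
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return _as_int(ip) & care == _as_int(base) & care

def crypto_acl(config, name):
    """Entries of a named extended ACL (only the 'addr wildcard' form is parsed)."""
    entries, inside = [], False
    for line in config.splitlines():
        if line.startswith("ip access-list extended "):
            inside = line.split()[-1] == name
        elif not line.startswith(" "):
            inside = False
        elif inside and (m := ACE.match(line)):
            entries.append(m.groups())
    return entries

def is_encrypted(config, acl_name, src, dst):
    """Outbound selection: first match wins, permit = protect with IPsec."""
    for action, s, s_wc, d, d_wc in crypto_acl(config, acl_name):
        if _matches(src, s, s_wc) and _matches(dst, d, d_wc):
            return action == "permit"
    return False  # implicit deny: packet leaves the interface unencrypted

def weak_settings(config):
    return sorted(label for pat, label in WEAK.items()
                  if re.search(pat, config, re.I | re.M))
```

Replacing the ACL destination with 0.0.0.0 255.255.255.255 makes is_encrypted() return True for Internet destinations as well, which is how an overly broad crypto ACL pulls all LAN traffic into the tunnel.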