Multiple VPNs on Cisco 837
Hi,
This post isn't related to CCNP but I thought it would be best suited here due to its content.
We have two offices that have bog standard ADSL in them with a Cisco 837 router. Each office has a static IP and the router does NAT for the users at each office.
I would like to achieve the following objectives without purchasing additional equipment (if possible).
i) Create a router-to-router VPN to link the offices;
ii) Allow mobile users to VPN in to access resources on the internal networks.
The first point I have managed to do - the link is up and I can ping devices at the other site. Is the router able to perform these functions together or am I going to have to purchase additional equipment?
Thanks in advance.
Regards,
CCNA R&S; CCNP R&S
Comments
Yes, that should work just fine. I just wouldn't want to have too many people VPN in on a smaller router such as that... with many tunnels terminating on a smaller router I can see that pegging quickly. If you have multiple IPs I would maybe invest in another router or a VPN concentrator, but it depends on the number of remote users, and what kind of internet link are you running this on?
Right, after some further searching and reading on Cisco I have tried using VTI (Virtual Tunnel Interfaces). I have a tunnel interface set up on each router and can access devices on the LAN at site 2 from site 1:
Site 1 = 10.0.1.0 /24
Site 2 = 10.0.0.0 /24
C:\Users\Stuart>tracert 10.0.0.251
Tracing route to 10.0.0.251 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 10.0.1.254
2 55 ms 62 ms 61 ms 10.254.0.2
3 60 ms 65 ms 66 ms 10.0.0.251
Trace complete.
This document on cisco.com helped a lot:
IPSec Virtual Tunnel Interface - Cisco Systems
My next step is to get VPN access sorted for mobile users.
CCNA R&S; CCNP R&S
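A static VTI setup of the kind described in the post above, as an added example that is not the poster's actual configuration or part of the original thread. The LAN subnets and 10.254.0.2 come from the post; the peer addresses (documentation ranges), the Dialer0 WAN interface, the 10.254.0.1 near-end address and /30 mask, the names VTI-SET and VTI-PROFILE, and the algorithm choices are assumptions to be matched to what the IOS image supports.

```cisco
! ---- Site 1 router (LAN 10.0.1.0/24) ----
! Constructed values: 198.51.100.1 = site 1 public IP, 203.0.113.1 = site 2
! public IP (documentation addresses). <pre-shared-key> is a placeholder for
! a long random secret that is identical on both routers.
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 5
! Key is bound to the one known peer rather than 0.0.0.0, so no other
! address can start IKE negotiation with it.
crypto isakmp key <pre-shared-key> address 203.0.113.1
!
crypto ipsec transform-set VTI-SET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile VTI-PROFILE
 set transform-set VTI-SET
!
! Dialer0 is assumed to be the ADSL-facing interface holding the static IP.
interface Tunnel0
 ip address 10.254.0.1 255.255.255.252
 tunnel source Dialer0
 tunnel destination 203.0.113.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
! Inter-site traffic is routed into the tunnel. Tunnel0 is not marked
! "ip nat outside", so it leaves untranslated and the existing NAT rule
! for Internet-bound users needs no exemption entry.
ip route 10.0.0.0 255.255.255.0 Tunnel0
!
! ---- Site 2 router (LAN 10.0.0.0/24): same policy, transform set and
! ---- profile; only the lines below differ ----
crypto isakmp key <pre-shared-key> address 198.51.100.1
!
interface Tunnel0
 ip address 10.254.0.2 255.255.255.252
 tunnel source Dialer0
 tunnel destination 198.51.100.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE
!
ip route 10.0.1.0 255.255.255.0 Tunnel0
```

`show crypto isakmp sa` and `show crypto ipsec sa` on either router confirm that the tunnel has negotiated and that the packet counters rise when traffic crosses between the sites.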
Hi,
The offices are small (less than six at each site) hence the basic connection and routers. There will only be a couple of people VPN'ing in at most.
CCNA R&S; CCNP R&S
Hi Networker,
Something I am about to look at now.
Thanks,
CCNA R&S; CCNP R&S
ISAKMP Profile Overview [Cisco IOS IPsec] - Cisco Systems
conf t
crypto ipsec client ezvpn (Company Name)
 connect auto
 group EzVPN key EzVPN
 local-address loopback0
 mode network-extension (or Client)
 peer (IP Address of EzVPN server)
ip dhcp pool dhcpPool
 network 192.168.0.0 255.255.255.0
 dns-server 24.29.1.218 24.29.1.219
 default-router 192.168.0.1
 lease 0 16
 exit
ip dhcp excluded-address 192.168.0.1
interface loopback 0
 ip address (Public IP Address) 255.255.255.255
interface Ethernet 0
 ip address 192.168.0.1 255.255.255.0
 crypto ipsec client ezvpn (Name) inside
interface (outgoing int)
 crypto ipsec client ezvpn (Name)
 exit
! RIP shown here, or whatever you are using
router rip
 passive-interface loopback0
 passive-interface ethernet0
 distribute-list 50 out (outgoing int) 0
 exit
access-list 50 permit (Public IP Address) 0.0.0.0
exit
I think “very senior” gets stuck in there because the last six yahoos that applied for the position couldn’t tell a packet from a Snickers bar.
Luck is where opportunity and proper planning meet
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison
Just wanted to say thanks for the help, guys. Now have everything up and running.
CCNA R&S; CCNP R&S