Announcement

Collapse
No announcement yet.

help in vpn site to site

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • help in vpn site to site

    hello for all
    i have 4 cisco routers
    main office have 1841 cisco router
    and 3 branches have 877 cisco routers
    i want make vpn conections between this main office and all branches
    i dont have real ip
    i read about i can make it by ddns
    like dyndns.org
    i want help in configration for all routers by ddns
    all routers behind adsl modem

    king Regards
    zizo

  • #2
    help in vpn site to site

    if you can help me also how to make gre tunnel by ddns
    i will be thank
    king regards
    zizo

    Comment


    • #3
      Re: help in vpn site to site

      Never used DDNS when implementing VPNs, so I don't know if the following links will help. The section labeled "Supporting Dynamic Addresses on Spokes" is close to meeting your requirements, but the HUB must have a static IP.

      Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)

      A couple of other links that might apply

      GRE over IPSec with EIGRP to Route Through a Hub and Multiple Remote Sites Configuration Example

      Configuring an IPsec Router Dynamic LAN-to-LAN Peer and VPN Clients

      Comment


      • #4
        Re: help in vpn site to site

        THANKS SIR FOR REPLAY ME
        OK
        IF I TAKE FROM ISP static ips
        how many ips i need it for 4 branches
        and where i put it i mean which interface i put static ip
        to make vpn between 4 branches
        regards
        zizo

        Comment


        • #5
          Re: help in vpn site to site

          Just the HUB router (1841) would need to be converted to a static IP address. Check with your ISP on having your current internet circuit re-provisioned to static. All branch routers (spokes) can continue to use dynamically assigned IP addresses.

          All spoke routers vpn configuration will "peer" with the same static IP address assigned to the 1841.

          Comment


          • #6
            Re: help in vpn site to site

            i want ask about confgration if i make it like this between 3 branshes withs static ip
            do will be conected like vpn site to site
            Head_office(config)#interface tunnel 0
            Head_office(config-if)#description Head_office to cisco
            Head_office(config-if)#ip address 172.16.1.1 255.255.255.252 //this is the IP of Tunnel interface//
            Head_office(config-if)#tunnel source 201.201.201.1 //this is the dialer IP of this routerHead_office(config)#interface tunnel 1
            Head_office(config-if)#description Head_office to cisco
            Head_office(config-if)#ip address 172.16.2.1 255.255.255.252 //this is the IP of Tunnel interface//
            Head_office(config-if)#tunnel source 201.201.201.1 //this is the dialer IP of this router_
            Head_office(config-if)#tunnel destination 200.200.200.1 //bransh 2
            Head_office(config-if)#tunnel destination 200.200.200.2 //this is the dialer IP of remote router branch one


            bransh 1
            cisco(config)#interface tunnel 0
            cisco(config-if)#description cisco to Head_office
            cisco(config-if)#ip address 172.16.1.2 255.255.255.252 //this is the IP of Tunnel interface
            cisco(config-if)#tunnel source 200.200.200.1 //this is the dialer IP of this router_
            cisco(config-if)#tunnel destination 201.201.201.1 //this is the dialer IP of remote
            bransh 2

            bransh 2(config-if)#description cisco to Head_office
            bransh 2(config-if)#ip address 172.16.2.2 255.255.255.252 //this is the IP of Tunnel interface
            bransh 2(config-if)#tunnel source 200.200.200.2 //this is the dialer IP of this router
            bransh 2(config-if)#tunnel destination 201.201.201.1 //this is the dialer IP of remote

            Comment


            • #7
              Re: help in vpn site to site

              and please informe me about qos command
              and secuirty command for this if this configration vaild to make conections

              Comment


              • #8
                Re: help in vpn site to site

                If you convert all your sites to static IP assignment, then your configuration will work with a couple of changes as shown below. Even with the changes, you will still need to add static routes for the networks behind the tunnel endpoints.

                I would also specify the dialer interface for the tunnel source

                Code:
                 
                Head Office
                interface tunnel 0
                 description Head Office to Branch 1
                 ip address 172.16.1.1 255.255.255.252
                 tunnel source 201.201.201.1
                 tunnel destination 200.200.200.2
                 
                interface tunnel 1
                 description Head Office to Branch 2
                 ip address 172.16.2.1 255.255.255.252
                 tunnel source 201.201.201.1
                 tunnel destination 200.200.200.1
                 
                Branch 1
                interface tunnel 0
                 description Branch to Head Office
                 ip address 172.16.1.2 255.255.255.252
                 tunnel source 200.200.200.1
                 tunnel destination 201.201.201.1
                 
                Branch 2
                interface tunnel 0
                 description Branch to Head Office
                 ip address 172.16.2.2 255.255.255.252
                 tunnel source 200.200.200.2
                 tunnel destination 201.201.201.1

                Comment

                Working...
                X