May 30, 2007, 2:10 pm
Re: vpdn on 6500
IOS: Depending on your needs, a more basic IOS could do a GRE tunnel.
An IOS with K3 or O3 in the filename or advanced security or advanced IP
services would offer more features. Pay more attention to the features
of the IOS file, not as much to the version number as long as it is at
least 12.X.X. It's the 21st century - no more IOS less than 12.X.X.
This is a bit complex - VPN could be done in several ways.
There are remote access VPN connections.
There are also site-to-site (LAN to LAN) VPN connections.
Whichever is used, there are several encryption methods.
There are also several different tunneling methods.
This is assuming the following:
Both routers (6500 switch with MSFC) have IP addresses which can reach each other
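CRYPTO MAP METHOD
! IKE phase 1 policy; pre-shared keys must be selected explicitly
! (the IOS default authentication method is RSA signatures)
crypto isakmp policy 10
 authentication pre-share
! IPsec transform set: AH with MD5 plus ESP with 3DES
crypto ipsec transform-set MD5-3DES ah-md5-hmac esp-3des
crypto isakmp key (pre-shared key) address (peer global IP address)
! Crypto map: peer, transform set and traffic selector
crypto map myvpn 10 ipsec-isakmp
 set peer (peer global IP address)
 set transform-set MD5-3DES
 match address vpn-iprange
! Apply the crypto map to the interface holding the global IP address
interface (global IP address interface)
 crypto map myvpn
! Traffic to protect
ip access-list extended vpn-iprange
 permit ip (local VPN network subnet IP and wildcard mask) (remote VPN network subnet IP and wildcard mask)
ip route (remote VPN network subnet IP and subnet mask) (subnet ID for global IP interface)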
Put that configuration on both devices. The access-lists should be a
mirror of each other.
There is another method which uses virtual interfaces (example - tunnel
1) to establish a VPN connection.
I do not accept direct replies. Reply to NNTP.
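
Added example, not part of the original post: a check for the requirement above that the two peers' crypto access-lists mirror each other, since a mismatch means the peers disagree on which traffic the tunnel protects. The function names and sample ACLs are constructed for illustration, and only the `permit ip <subnet> <wildcard> <subnet> <wildcard>` entry form from the post is handled.

```python
import ipaddress
import re

# "permit ip <src> <wildcard> <dst> <wildcard>", the entry form used in the post
ACE = re.compile(r"permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$", re.I)

def to_network(addr, wildcard):
    """Turn an IOS address + wildcard mask into an ip_network."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard bits must be one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.ip_network((addr, 32 - w.bit_length()), strict=False)

def parse_crypto_acl(text):
    """Return the set of (source, destination) networks the ACL permits."""
    pairs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line.lower().startswith(("permit", "deny")):
            continue  # ACL header, comments, blank lines
        m = ACE.match(line)
        if not m:
            raise ValueError(f"unsupported entry: {line}")
        src, src_wc, dst, dst_wc = m.groups()
        pairs.add((to_network(src, src_wc), to_network(dst, dst_wc)))
    return pairs

def _fmt(pairs):
    return sorted(f"{s} -> {d}" for s, d in pairs)

def mirror_mismatches(local_acl, remote_acl):
    """Return (missing, unexpected) entries on the remote peer's ACL."""
    expected = {(dst, src) for src, dst in parse_crypto_acl(local_acl)}
    remote = parse_crypto_acl(remote_acl)
    return _fmt(expected - remote), _fmt(remote - expected)

# Constructed sample ACLs (private address ranges chosen for illustration).
SITE_A = """ip access-list extended vpn-iprange
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
 permit ip 10.1.0.0 0.0.255.255 192.168.50.0 0.0.0.255"""
SITE_B = """ip access-list extended vpn-iprange
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
 permit ip 192.168.50.0 0.0.0.255 10.1.1.0 0.0.0.255"""

if __name__ == "__main__":
    missing, unexpected = mirror_mismatches(SITE_A, SITE_B)
    print("missing on site B:   ", missing)
    print("unexpected on site B:", unexpected)
```

With the sample input, site B's second entry covers only 10.1.1.0/24 where site A expects 10.1.0.0/16, so it is reported once as missing and once as unexpected.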