vpdn on 6500

An IOS with K3 or O3 in the filename or advanced security or advanced IP services would offer more features. Pay more attention to the features of the IOS file, not as much to the version number as long as it is at least 12.X.X. It's the 21st century - no more IOS less than 12.X.X.

This is a bit complex - VPN could be done in several ways.

There are remote access VPN connections. There are also site-to-site (LAN to LAN) VPN connections. Whichever is used, there are several encryption methods. There are also several different tunneling methods.

This is assuming the following: LAN-to-LAN VPN 3DES encryption MD5 hash Both routers (6500 switch with MSFC) have IP addresses which can reach each other

CRYPTO MAP METHOD crypto isakmp policy 10 encr 3des hash md5 authentication pre-share group 2 ! crypto ipsec transform-set MD5-3DES ah-md5-hmac esp-3des mode transport ! crypto isakmp key (pre-shared key) address (peer global IP address) crypto map myvpn 10 ipsec-isakmp set peer (peer global IP address) set transform-set MD5-3DES match address vpn-iprange ! interface (global IP address interface) crypto map myvpn ! ip access-list extended vpn-iprange permit ip (local VPN network subnet IP and wildcard mask) (remote VPN network subnet IP and wildcard mask) ! ip route (remote VPN network subnet IP and subnet mask) (subnet ID for global IP interface) Put that configuration on both devices. The access-lists should be a mirror of each other.

There is another method which uses virtual interfaces (example - tunnel 1) to establish a VPN connection.

=========== Scott Perry =========== Indianapolis, Indiana

________________________________________ I do not accept direct replies. Reply to NNTP.