Site-to-site VPN Cisco 1811 - wireless

~ Thank you in advance for your help, experts. ~ ~ I have a family friend that owns a small company with 2 locations (10 ~ pcs on one end, and 5 on the other). They have static IP addresses - ~ their internet connection is a Wireless connection (DSL and Cable not ~ available). ~ ~ He would like to setup some way for the PCs at both locations to be ~ able to talk to each other. I am thinking about purchasing 2 x Cisco ~ 1811 routers, connecting them to the ethernet connection provided by ~ the wireless devices located at each location, and setting up a site- ~ to-site VPN connection using these devices. ~ ~ First of all, does this sound like something that's workable/doable? ~ Second, if it is doable, does anybody know these routers well enough ~ to tell me if it is something that I should be able to do within the ~ SDM (GUI), or if there will be a lot of command line configuration ~ required. And, finally, can anybody give me the steps I would have to ~ perform to get this to work properly - or a website I can go to that ~ will give me a step-by-step procedure to complete this task with these ~ routers. ~ ~ We don't have a ton of money, just enough for the equipment, and want ~ to make sure it's something that will even be possible if the ~ equipment is purchased in this scenario - before delving head first ~ into it. And if it is possible, we want to make sure it's something ~ that we'll be able to actually do ourselves - hence the step-by-step ~ procedures requested. ~ ~ I am very tech savy, and actually had my CCNA quite a few years ago, ~ so I know my way around most routers (for the most part). However, ~ things have changed, and I want to make sure I can handle this before ~ commiting to him. ~ ~ Thanks a bunch, experts - you're my saving grace...

What kind of wireless are you talking about? 3G (CDMA/GSM)?

That would be doable with a pair of pair of 3G-equipped 881s (or, more expensively, with higher end routers with 3G HWICs - but not the 1811, which doesn't have 3G.)

I don't know whether or not SDM can configure the whole shebang. In any case, the routers should come with tech support to help you get it set up.

Cheers,

Aaron

Aaron, thanks. It's a wireless provider, not a cellular (3g) provider. It is basically radio waves that come into the building through a wireless receiver - and they basically give us an ethernet port. It's practially the same thing as DSL/Cable - except it's wireless... No cell phone cards or anything like that.

I would also like to know how to "Then configure the IPsec tunnel between the sites. Should work fine.". That's the part I'm not sure on, and wondering if there's maybe a step-by-step procedure? Thanks again.

Do they provide you with a single ethernet port where you can connect only a single PC without providing your own router, or does the device have multiple ports and/or you could connect your own switch and have many pcs access the internet without further hardware and/or software?

I ask this because it is very likely that the box you got from the provider already is a router and provides NAT functionality to translate many internal PC addresses to a single external address.

It will be more difficult to connect another router to such a device and then setup IPsec tunnels.

If you need to ask this, it might be better to ask a supplier to configure everything for you, or to go with another manufacturer who is more oriented towards do-it-yourself installation of their equipment without too much expertise.

-Do they provide you with a single ethernet port where you can connect

-only a single PC without providing your own router, or does the device

-have multiple ports and/or you could connect your own switch and have

-many pcs access the internet without further hardware and/or software?

That's a good question - I'm not really sure. I would assume it's just a modem type device, but you know what they say about assuming.

As far as asking for a step-by-step procedure, it's not that I don't think I would be able to figure it out myself, it's that I'd like to see an example of performing this operation, so I can see what the SDM looks like for this procedure. I currently maintain 3 x Cisco 2800 series routers for the company I work for, and have setup one site-to- site vpn, however, it was done in a completely different environment, and it's an older version of the SDM. I just want to see what the steps look like using this particular router/SDM.

Robert Jacobs schrieb:

Hello Robert,

if you have not yet purchased the hardware - did you consider to set up the whole thing with a little ASA5505 instead of the 1811 at each end? It comes with a SSL webfrontend and a wizard within for setting up the ipsec site to site. Costs for the 2 ASAs should be less, too, I think.

Regards, Claudio

before you do anything, I would suggest you should call the internet provider to make sure they do not block ipsec. I have seen some wireless providers that do.