[VPN] VPN tunnel between 2 Cisco 1721 Routers
Eric Vyncke
evyncke at cisco.com
Sat Nov 15 15:09:56 EST 2003
You should browse on the Cisco web site to find some examples...
Notably:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009448f.shtml
If you have multiple subnets behind those routers, you should probably use the combination of GRE & IPsec (aka 'tunnel protection').
Else, 'plain' IPsec should be enough.
To bypass NAT for encrypted traffic, you need to use a trick called 'route-map':

    ip nat inside source route-map NO_NAT interface ??? overload
    route-map NO_NAT permit 10
     match ip address 100
    access-list 100 deny ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
    access-list 100 permit ip 10.1.1.0 0.0.0.255 any

Assuming that the encrypted traffic is from 10.1.1.0/24 to 10.2.2.0/24.
-eric
At 16:41 12/11/2003 -0600, Glenda Pratts wrote:
>Hello,
>
>I am trying to set up an IPSec tunnel between two Cisco 1721 routers (with
>VPN modules installed) between two networks using private IP addresses. Both
>routers are connected to the internet via a fractional T1, and are running
>Cisco IOS version 12.2(13). I would like to set up encryption for all data
>sent through the tunnel, and use NAT for all traffic not sent through the
>tunnel. Any assistance configuring the VPN and the NAT is greatly
>appreciated.
>
>Thanks,
>
>Glenda Pratts
>System Administrator
>Valve Systems and Controls
>501 W. 38th Street
>Houston, Texas 77018
>713.742.1015 (direct)
>713.742.1010 (fax)