How to Setup a Cisco Router VPN (Site-to-Site): Cisco Router Training 101
Рет қаралды 288,043
Күн бұрын
@dusoklimo3437 9 жыл бұрын
Thank you so much i could not had better introduction to VPNs than this video. all the best, Dusan
@soundtraining 11 жыл бұрын
The VPN tunnels are from the outside interface on one router to the outside interface on the other router. In a typical site-to-site VPN configuration, you should configure the tunnel-groups and peers with the other router's outside interface IP address. The access-lists should be configured to permit traffic flows from one router's inside network to the other router's inside network. Hope that helps.
@bernadettesolorio-vasquez5767 9 жыл бұрын
Thanks Mr. Crawley, you have a very user friendly speaking voice - I googled ASA5505 Firewall to DMZ - and I found you. You gave me clarity on how I will design my senior project security setup. Will search your site for more firewall ideas and network segmentation. Thank you again, sir.
@victorakara423 3 жыл бұрын
Great and Brilliant Training
@BryanMPhx 10 жыл бұрын
Bryan McGann enjoyed this video immensely. It is worth watching.
@soundtraining 11 жыл бұрын
Just to clarify, you're right to be thinking about a static IP address for the ASA. That's clearly the best solution. If, for whatever reason, that's not possible, the dynamic DNS client may solve your problem. Good luck!
@soundtraining 11 жыл бұрын
Thanks for your comment. Sorry for the delay in replying. I'm not sure how I missed it. It's a matter of configuring separate policies for the site-to-site and remote-access VPNs. Search on the term "site-to-site vpn and remote-access vpn on the same router". You'll find several forum and blog posts covering how to do it and issues others have encountered during the process.
@soundtraining 11 жыл бұрын
The demo doesn't use NAT. If you use NAT on the router along with a site-to-site VPN, you must use an access-list with a NAT statement to specify which traffic you want to NAT and which you don't want to NAT. As to your comment about a user, there is no user in a site-to-site VPN, it's router-to-router. As you can see in the video, it works fine. The video is recorded live and there are no editing tricks.
@soundtraining 11 жыл бұрын
Thanks for your comment. You should be able to set up a site-to-site VPN using an ADSL modem. Search on the term "site to site vpn over adsl" and there are several articles and discussions about how to do it. Good luck!
@ksudude25 11 жыл бұрын
Great video, this will gives me an idea of what I'm going to connect from my home office and my office in the same city. I am wondering if you can give me your opinion. What is your thoughts about Cisco RV180 VPN Router for vpn. Would I use the same procedure to connect my home and office?
@musaveerah6159 8 жыл бұрын
hi, the video is helpful and i need your help, we are setting up a network where one site has CISCO router and the other site has their router not the CISCO route. So how can i provide the connectivity??? Thanks
@engytarek9404 11 жыл бұрын
Thank you so much for this GREAT video , i have some questions: will this configration be the same if the office got a static IP , but the host is using DHCP ? what will i change in this case? and after configuration how to access the vpn from the remote PC ? would it require a user name and password like the case when you make a vpn using the server-client config. ? if yes how to set users?
@metarex000 Жыл бұрын
This guy is a pro
@PriestApostate 4 жыл бұрын
Just found this awesome video...do you have one for setting up BGP peers?
@ezekwise4610 11 жыл бұрын
Awesome video. One question I want to ask regarding VPN IPsec. Is it possible to create site to site vpn IPsec when one site is using adls modem so the cisco router will be behind the modem. If it is can possible can you make a video on that or advice on that issue. Thanks
@ABMA79 4 жыл бұрын
an amazing video. Thanks for sharing and hoping to see more educative videos like that from you. Again, many thanks.
@daveolmsted6511 3 жыл бұрын
Would it be possible to use a dynamic DNS name for the outside interface rather than an IP address? This would be for offices that don't have a static external address form there ISP's.
@naapps9729 9 жыл бұрын
Hi, Thanks for quick reply. I have two static IPs / dedicated IPs that I will configure on WAN port. Will watch the video you mentioned hopefully will get back with some results. By the way, we DO NOT need to configure default GateWay when configuring the Static IP on WAN port?
@soundtraining 9 жыл бұрын
NA Apps I have never gotten it to work without configuring the default gateway. That doesn't mean it won't work for you without a gateway. Please post if it works for you without a gateway.
@nishadmorey9627 9 жыл бұрын
Hi, thanks for the awesome video. I have a question If service provider give us two gateways for two routers so does we need to set static route on both routers.? do we need to configure VPN on second router also.?
@nishadmorey9627 9 жыл бұрын
+Don R. Crawley Thx for the reply. I have tested VPN in on one router GNS3 but it was not working. when i used to ping host of the second router it says connection timeout.
@simonsparks6959 5 жыл бұрын
I am trying this on a Cisco 1921 running c1900-universalk9-mz.SPA.157-3.M2.bin and I am unable to set the interface like you do at 9min 52secs in the video
@KingCorsica13 11 жыл бұрын
Cracking video - thank you! Really helpful.
@cortega26 7 жыл бұрын
Will this VPN work with routing protocols using multicast/broadcast packets?
@plopperator 9 жыл бұрын
How do you know what you've done here is even encrypting the traffic and not just routing as normal?
@krishnasakhi6998 8 жыл бұрын
HI, please can u tell me which cisco router's supports ipsec and vpn?? or is it depends on the ios version??
@jammerjammer489 3 жыл бұрын
why was no diffie helman group set in the isakmp policy?
@kesselrun6170 9 жыл бұрын
Thanks, very nice 192.168.1.1 Is your default route correct? crypto ipsec transform-set VPNSET crypto map VPNSET do these have to be the same? VPNKEY is your AES key? How big can I make my key? How would I advertise the VPN via OSPF/EIGRP? I assume that the ACL No on R1 does not have to have the same as the ACL No on R2, ie ACL100 and ACL102 Can you do a demo where R1 and R2 also go to an ISP using completely different networks?
@marcoliocops 3 жыл бұрын
So no cisco routers, no VPN? if the remote client is on a TPlink will they not be able to connect?
@soundtraining 11 жыл бұрын
The dynamic IP address is not an ASA issue. You need a dynamic DNS client running on your inside subnet. The dynamic DNS client will detect when the ASA's outside IP address changes and update your DNS server's A record accordingly. It's been a while since I used that type of service, but just search for "dynamic dns update client" and you'll find something to try. The key is to put it on a computer on your inside subnet. The ASA itself doesn't support it, but your internal client should work.
@techwerwireless8529 10 жыл бұрын
I have configured a wrong interface during the configuration, after the command "set peer XX.XX.XXX.XX" i run "interface gigabitethernet 0/0" but my outside interface is gigabitethernet 0/1. so i tried removing that by "no interface gigabitethernet 0/0" but it's giving me an error. what i want to do is to select gigabitethernet 0/1 as my outside interface. Thanks, Sandy
@naapps9729 9 жыл бұрын
Hello Again, Is there email address I can email the configurations I have with modified version of network diagram? Thanks in advance!
@MultiSivakumar123 10 жыл бұрын
hai soundtraining, i am planning to implement site to site vpn btw my two office by using cisco router 28xx ..but i have a doubt , shall i need to buy any licence
@plopman6391 10 жыл бұрын
shouldn't the static route be just be set for the remote LAN address and reachable via the other router's outside IP address?
@fixxxer3456 10 жыл бұрын
You can try this in GNS3 with a Cisco 7200 router.
@IamDoQtorNo 10 жыл бұрын
I have a cisco zrw100. I was able to get the router working so i can connect to it. How do I set it up so that I can allow users outside of building off site to connect.
@sureshjoshi5933 11 жыл бұрын
Hi Don, Need to know that during your configuration you applied route map to interface directly without ACL declaration if we will put like this in production will it lead to outage as ACL 100 will do implicit deny to every packet. Please help me in same thanks regards Suresh Joshi
@NwasFalih 8 жыл бұрын
Thanks for this video.
@HUSSEIN10764 10 жыл бұрын
great thanks sir don
@plopman6391 10 жыл бұрын
what's the difference between a profile and a policy?
@derHuckepackmann 10 жыл бұрын
i have two 2851. both have the AIM-VPN/EPII-PLUS module. can i do a site to site connection with them? i am trying to configure both of my routers according to this video and for some reasons it doesn't work.
@soundtraining 10 жыл бұрын
Your routers should support a VPN configuration, but I don't have experience with that particular module.
@Vitiuxa 11 жыл бұрын
Also you running this environment on GNS3? How did you manage to setup c870 on GNS3?
@soundtraining 11 жыл бұрын
This was done on actual 870 routers. I wish there was a way to run more modern software in GNS3 and perhaps the new version, due out in late 2014, will provide that support. Still, GNS3 is a great tool.
@grindstorm 11 жыл бұрын
Thank you for the tutorial, sadly only our ISP can manage and configure our Cisco routers we only connect our main and branch office thru a configure VPN server but its not that really good =(.
@kartikikale21 4 жыл бұрын
Very well explained !! Best :) :)
@stevek3036 7 жыл бұрын
Good intro' to VPN IPSEC. Thanks
@southfl21 7 жыл бұрын
Please make the same video for Ikev2.
@EkimElectro 10 жыл бұрын
Thanks. Nice tut' Mike
@heshammcse 11 жыл бұрын
Thank you!
@soundtraining 11 жыл бұрын
I'm not personally familiar with the RV180, but the reviews on Amazon for it are not very complimentary. It looks like it's probably more of a consumer or small business device than a commercial-grade router. I doubt that it's IOS-based, which means the same procedure as shown in the video would not work with it. Sorry I can't be more help.
@soundtraining 11 жыл бұрын
I'm glad it was helpful. :)
@naapps9729 9 жыл бұрын
Hi, Thanks for this video. If I am not wrong, we do need dedicated /static IPs. In this video I can only see 192.168.X.X Can someone elaborate why its like this? Or where to replace IPs with dedicated IPs.
@soundtraining 9 жыл бұрын
NA Apps The 192.168 addresses are used on the outside interfaces for demonstration purposes only. Presumably, you will get the outside addresses from a service provider. You can use the private addresses (192.168) on the inside interfaces. If you're not familiar with how to configure IP addresses on an interface, watch this video: kzbin.info/www/bejne/j2G9n4WjnK6Bnac
@saadalahmadi 5 жыл бұрын
thanks
@kiran8295 8 жыл бұрын
thank you
@ayandamkhohlwa156 3 жыл бұрын
can any one provide a Link to download PDF STEP BY STEP VPN Configurations
@CalulkCalul 9 жыл бұрын
Perfect.
@TheRcbthree 9 жыл бұрын
Wow that was great, i got everything working in my home lab and GNS3! my one question is the last command ip route 0.0.0.0 0.0.0.0 192.168.1.1 where in the world do you get 192.168.1.1??? shouldnt it be .11 and .10? Thanks again for your great vid!
@soundtraining 9 жыл бұрын
Great question. You would only use .10 and .11 as default routes if those were actually the gateways. In the real world, the two routers would not be directly connected, but would probably connect via a service provider. In that case, you would use whatever gateway address was provided by your service provider. In the lab, with the routers directly connected, it doesn't seem to matter what address you use, as long as you provide an address.
@TheRcbthree 9 жыл бұрын
soundtraining.net ahhhh yes! The force is strong in you! Thank you again!
@naapps9729 9 жыл бұрын
Hi, Is there email address I can email the configurations I have with modified version of network diagram (dedicated IPs). Thanks in advance.
@soundtraining 9 жыл бұрын
NA Apps I don't provide technical support or consulting. I recommend that you purchase a Cisco SMARTnet contract from the reseller where you purchased your router. The SMARTnet contract is not very expensive and it provides you with access to Cisco engineers to help with configuration and troubleshooting. Alternatively, there are a variety of forums where you can post questions and get answers from the community including supportforums.cisco.com, serverfault.com, and www.experts-exchange.com. Also, consider participating in a Cisco users group. This link will help you find a Cisco users group in your part of the world: learningnetwork.cisco.com/community/connections/cisco_user_groups_intl/locate?view=overview
@naapps9729 9 жыл бұрын
soundtraining.net Ok, thanks for your message and information.
@samlaw1501 8 жыл бұрын
Wow.. thanks
@odjumoses6702 11 жыл бұрын
Gre8 video
@rolyg_gsf 11 жыл бұрын
GREAT VIDEO. A++++++++++++
@jonathancorpuz 5 жыл бұрын
how do i know my DIA IP/VPN..?
@twanaosman1 10 жыл бұрын
thanks it's most helpful
@klasadrugag8285 10 жыл бұрын
Łukasz Kostecki nie popiera przejęcia
@klasadrugag8285 10 жыл бұрын
Kosteccy welcome to
@mumsazpatel9759 5 жыл бұрын
skip to 5:07
soundtraining.net
Рет қаралды 251 М.
soundtraining.net
Рет қаралды 294 М.
soundtraining.net
Рет қаралды 103 М.
Cisco Config
Рет қаралды 326 М.
Cisco Config
Рет қаралды 58 М.
Rob Riker's Tech Channel
Рет қаралды 6 М.
soundtraining.net
Рет қаралды 43 М.