How to Setup a Cisco Router VPN (Site-to-Site): Cisco Router Training 101

Рет қаралды 289,291

soundtraining.net

Күн бұрын

Пікірлер

@dusoklimo3437 9 жыл бұрын

Thank you so much i could not had better introduction to VPNs than this video. all the best, Dusan

@soundtraining 11 жыл бұрын

The VPN tunnels are from the outside interface on one router to the outside interface on the other router. In a typical site-to-site VPN configuration, you should configure the tunnel-groups and peers with the other router's outside interface IP address. The access-lists should be configured to permit traffic flows from one router's inside network to the other router's inside network. Hope that helps.

@soundtraining 11 жыл бұрын

Thanks for your comment. Sorry for the delay in replying. I'm not sure how I missed it. It's a matter of configuring separate policies for the site-to-site and remote-access VPNs. Search on the term "site-to-site vpn and remote-access vpn on the same router". You'll find several forum and blog posts covering how to do it and issues others have encountered during the process.

@bernadettesolorio-vasquez5767 9 жыл бұрын

Thanks Mr. Crawley, you have a very user friendly speaking voice - I googled ASA5505 Firewall to DMZ - and I found you. You gave me clarity on how I will design my senior project security setup. Will search your site for more firewall ideas and network segmentation. Thank you again, sir.

@soundtraining 11 жыл бұрын

Thanks for your comment. You should be able to set up a site-to-site VPN using an ADSL modem. Search on the term "site to site vpn over adsl" and there are several articles and discussions about how to do it. Good luck!

@soundtraining 11 жыл бұрын

The demo doesn't use NAT. If you use NAT on the router along with a site-to-site VPN, you must use an access-list with a NAT statement to specify which traffic you want to NAT and which you don't want to NAT. As to your comment about a user, there is no user in a site-to-site VPN, it's router-to-router. As you can see in the video, it works fine. The video is recorded live and there are no editing tricks.

@victorakara423 3 жыл бұрын

Great and Brilliant Training

@soundtraining 11 жыл бұрын

Just to clarify, you're right to be thinking about a static IP address for the ASA. That's clearly the best solution. If, for whatever reason, that's not possible, the dynamic DNS client may solve your problem. Good luck!

@BryanMPhx 10 жыл бұрын

Bryan McGann enjoyed this video immensely. It is worth watching.

@marcoliocops 4 жыл бұрын

So no cisco routers, no VPN? if the remote client is on a TPlink will they not be able to connect?

@jammerjammer489 3 жыл бұрын

why was no diffie helman group set in the isakmp policy?

@daveolmsted6511 4 жыл бұрын

Would it be possible to use a dynamic DNS name for the outside interface rather than an IP address? This would be for offices that don't have a static external address form there ISP's.

@simonsparks6959 5 жыл бұрын

I am trying this on a Cisco 1921 running c1900-universalk9-mz.SPA.157-3.M2.bin and I am unable to set the interface like you do at 9min 52secs in the video

@musaveerah6159 9 жыл бұрын

hi, the video is helpful and i need your help, we are setting up a network where one site has CISCO router and the other site has their router not the CISCO route. So how can i provide the connectivity??? Thanks

@ABMA79 5 жыл бұрын

an amazing video. Thanks for sharing and hoping to see more educative videos like that from you. Again, many thanks.

@IamDoQtorNo 10 жыл бұрын

I have a cisco zrw100. I was able to get the router working so i can connect to it. How do I set it up so that I can allow users outside of building off site to connect.

@techwerwireless8529 10 жыл бұрын

I have configured a wrong interface during the configuration, after the command "set peer XX.XX.XXX.XX" i run "interface gigabitethernet 0/0" but my outside interface is gigabitethernet 0/1. so i tried removing that by "no interface gigabitethernet 0/0" but it's giving me an error. what i want to do is to select gigabitethernet 0/1 as my outside interface. Thanks, Sandy

@plopman6391 10 жыл бұрын

shouldn't the static route be just be set for the remote LAN address and reachable via the other router's outside IP address?

@plopperator 9 жыл бұрын

How do you know what you've done here is even encrypting the traffic and not just routing as normal?

@soundtraining 11 жыл бұрын

The dynamic IP address is not an ASA issue. You need a dynamic DNS client running on your inside subnet. The dynamic DNS client will detect when the ASA's outside IP address changes and update your DNS server's A record accordingly. It's been a while since I used that type of service, but just search for "dynamic dns update client" and you'll find something to try. The key is to put it on a computer on your inside subnet. The ASA itself doesn't support it, but your internal client should work.

@krishnasakhi6998 9 жыл бұрын

HI, please can u tell me which cisco router's supports ipsec and vpn?? or is it depends on the ios version??

@ezekwise4610 11 жыл бұрын

Awesome video. One question I want to ask regarding VPN IPsec. Is it possible to create site to site vpn IPsec when one site is using adls modem so the cisco router will be behind the modem. If it is can possible can you make a video on that or advice on that issue. Thanks

@MultiSivakumar123 10 жыл бұрын

hai soundtraining, i am planning to implement site to site vpn btw my two office by using cisco router 28xx ..but i have a doubt , shall i need to buy any licence

@PriestApostate 5 жыл бұрын

Just found this awesome video...do you have one for setting up BGP peers?

@cortega26 7 жыл бұрын

Will this VPN work with routing protocols using multicast/broadcast packets?

@ayandamkhohlwa156 4 жыл бұрын

can any one provide a Link to download PDF STEP BY STEP VPN Configurations

@naapps9729 9 жыл бұрын

Hi, Thanks for quick reply. I have two static IPs / dedicated IPs that I will configure on WAN port. Will watch the video you mentioned hopefully will get back with some results. By the way, we DO NOT need to configure default GateWay when configuring the Static IP on WAN port?

@soundtraining 9 жыл бұрын

NA Apps I have never gotten it to work without configuring the default gateway. That doesn't mean it won't work for you without a gateway. Please post if it works for you without a gateway.

@plopman6391 10 жыл бұрын

what's the difference between a profile and a policy?

@engytarek9404 11 жыл бұрын

Thank you so much for this GREAT video , i have some questions: will this configration be the same if the office got a static IP , but the host is using DHCP ? what will i change in this case? and after configuration how to access the vpn from the remote PC ? would it require a user name and password like the case when you make a vpn using the server-client config. ? if yes how to set users?

@sureshjoshi5933 11 жыл бұрын

Hi Don, Need to know that during your configuration you applied route map to interface directly without ACL declaration if we will put like this in production will it lead to outage as ACL 100 will do implicit deny to every packet. Please help me in same thanks regards Suresh Joshi

@KingCorsica13 11 жыл бұрын

Cracking video - thank you! Really helpful.

@metarex000 Жыл бұрын

This guy is a pro

@kesselrun6170 9 жыл бұрын

Thanks, very nice 192.168.1.1 Is your default route correct? crypto ipsec transform-set VPNSET crypto map VPNSET do these have to be the same? VPNKEY is your AES key? How big can I make my key? How would I advertise the VPN via OSPF/EIGRP? I assume that the ACL No on R1 does not have to have the same as the ACL No on R2, ie ACL100 and ACL102 Can you do a demo where R1 and R2 also go to an ISP using completely different networks?

@ksudude25 11 жыл бұрын

Great video, this will gives me an idea of what I'm going to connect from my home office and my office in the same city. I am wondering if you can give me your opinion. What is your thoughts about Cisco RV180 VPN Router for vpn. Would I use the same procedure to connect my home and office?

@nishadmorey9627 9 жыл бұрын

Hi, thanks for the awesome video. I have a question If service provider give us two gateways for two routers so does we need to set static route on both routers.? do we need to configure VPN on second router also.?

@nishadmorey9627 9 жыл бұрын

+Don R. Crawley Thx for the reply. I have tested VPN in on one router GNS3 but it was not working. when i used to ping host of the second router it says connection timeout.

@naapps9729 9 жыл бұрын

Hello Again, Is there email address I can email the configurations I have with modified version of network diagram? Thanks in advance!

@soundtraining 11 жыл бұрын

I'm not personally familiar with the RV180, but the reviews on Amazon for it are not very complimentary. It looks like it's probably more of a consumer or small business device than a commercial-grade router. I doubt that it's IOS-based, which means the same procedure as shown in the video would not work with it. Sorry I can't be more help.

@derHuckepackmann 10 жыл бұрын

i have two 2851. both have the AIM-VPN/EPII-PLUS module. can i do a site to site connection with them? i am trying to configure both of my routers according to this video and for some reasons it doesn't work.

@soundtraining 10 жыл бұрын

Your routers should support a VPN configuration, but I don't have experience with that particular module.

@fixxxer3456 10 жыл бұрын

You can try this in GNS3 with a Cisco 7200 router.

@naapps9729 9 жыл бұрын

Hi, Thanks for this video. If I am not wrong, we do need dedicated /static IPs. In this video I can only see 192.168.X.X Can someone elaborate why its like this? Or where to replace IPs with dedicated IPs.

@soundtraining 9 жыл бұрын

NA Apps The 192.168 addresses are used on the outside interfaces for demonstration purposes only. Presumably, you will get the outside addresses from a service provider. You can use the private addresses (192.168) on the inside interfaces. If you're not familiar with how to configure IP addresses on an interface, watch this video: kzbin.info/www/bejne/j2G9n4WjnK6Bnac

@kartikikale21 5 жыл бұрын

Very well explained !! Best :) :)

@Vitiuxa 11 жыл бұрын

Also you running this environment on GNS3? How did you manage to setup c870 on GNS3?

@soundtraining 11 жыл бұрын

This was done on actual 870 routers. I wish there was a way to run more modern software in GNS3 and perhaps the new version, due out in late 2014, will provide that support. Still, GNS3 is a great tool.

@jonathancorpuz 6 жыл бұрын

how do i know my DIA IP/VPN..?

@southfl21 7 жыл бұрын

Please make the same video for Ikev2.

@grindstorm 11 жыл бұрын

Thank you for the tutorial, sadly only our ISP can manage and configure our Cisco routers we only connect our main and branch office thru a configure VPN server but its not that really good =(.

@soundtraining 11 жыл бұрын

I'm glad it was helpful. :)

@naapps9729 9 жыл бұрын

Hi, Is there email address I can email the configurations I have with modified version of network diagram (dedicated IPs). Thanks in advance.

@soundtraining 9 жыл бұрын

NA Apps I don't provide technical support or consulting. I recommend that you purchase a Cisco SMARTnet contract from the reseller where you purchased your router. The SMARTnet contract is not very expensive and it provides you with access to Cisco engineers to help with configuration and troubleshooting. Alternatively, there are a variety of forums where you can post questions and get answers from the community including supportforums.cisco.com, serverfault.com, and www.experts-exchange.com. Also, consider participating in a Cisco users group. This link will help you find a Cisco users group in your part of the world: learningnetwork.cisco.com/community/connections/cisco_user_groups_intl/locate?view=overview

@naapps9729 9 жыл бұрын

soundtraining.net Ok, thanks for your message and information.

@NwasFalih 8 жыл бұрын

Thanks for this video.

@HUSSEIN10764 10 жыл бұрын

great thanks sir don

@EkimElectro 10 жыл бұрын

Thanks. Nice tut' Mike

@saadalahmadi 5 жыл бұрын

thanks

@heshammcse 11 жыл бұрын

Thank you!

@stevek3036 7 жыл бұрын

Good intro' to VPN IPSEC. Thanks

@kiran8295 8 жыл бұрын

thank you

@CalulkCalul 9 жыл бұрын

Perfect.

@rolyg_gsf 11 жыл бұрын

GREAT VIDEO. A++++++++++++

@odjumoses6702 11 жыл бұрын

Gre8 video

@samlaw1501 8 жыл бұрын

Wow.. thanks

@TheRcbthree 10 жыл бұрын

Wow that was great, i got everything working in my home lab and GNS3! my one question is the last command ip route 0.0.0.0 0.0.0.0 192.168.1.1 where in the world do you get 192.168.1.1??? shouldnt it be .11 and .10? Thanks again for your great vid!

@soundtraining 10 жыл бұрын

Great question. You would only use .10 and .11 as default routes if those were actually the gateways. In the real world, the two routers would not be directly connected, but would probably connect via a service provider. In that case, you would use whatever gateway address was provided by your service provider. In the lab, with the routers directly connected, it doesn't seem to matter what address you use, as long as you provide an address.

@TheRcbthree 10 жыл бұрын

soundtraining.net ahhhh yes! The force is strong in you! Thank you again!