LingaringBell
IS-IT--Management
I have never set up a GRE tunnel before, so I was hoping someone could look over my configs and tell me if I have grasped all the concepts correctly. What I want is for regular public internet traffic in each site to still be able to go out the T1, but then to route all the private traffic through the tunnel. Thanks for your help. Here are the two router configs:
hostname Site1
!
interface FastEthernet0
 description Internal_Network
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip nbar protocol-discovery
 ip route-cache flow
 speed auto
 full-duplex
!
interface Serial0
 description T1
 ip address 39.99.202.254 255.255.255.252
 ip access-group 107 in
 ip verify unicast reverse-path
 ip nat outside
 ip nbar protocol-discovery
 encapsulation ppp
 ip route-cache flow
 service-module t1 timeslots 1-24
 crypto map myvpn
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key ciscokey address 39.114.7.214
!
!
crypto ipsec transform-set to_site2 esp-des esp-md5-hmac
!
crypto map myvpn 10 ipsec-isakmp
 set peer 39.114.7.214
 set transform-set to_site2
 match address 101
!
!
!
!
!
interface Tunnel0
 ip address 10.10.13.1 255.255.255.0
 tunnel source Serial0
 tunnel destination 39.114.7.214
!
!
!
ip nat pool ovrld 38.96.138.9 38.96.138.9 prefix-length 24
ip nat inside source list 7 pool ovrld overload
ip classless
ip route 0.0.0.0 0.0.0.0 39.99.202.253
ip route 192.168.2.0 255.255.0.0 10.10.13.2
!
!
!
access-list 7 permit 192.168.0.0 0.0.255.255
access-list 7 permit 10.10.13.0 0.0.0.255
access-list 101 permit gre host 39.99.202.254 host 39.114.7.214
access-list 107 permit gre host 39.114.7.214 host 39.99.202.254
access-list 107 permit esp host 39.114.7.214 host 39.99.202.254
access-list 107 permit udp host 39.114.7.214 eq isakmp host 39.99.202.254
access-list 107 permit tcp any any established
access-list 107 deny ip any any
dialer-list 1 protocol ip permit
!
!
!
hostname Site2
!
!
interface FastEthernet0
 description Internal_Network
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 speed 100
 full-duplex
!
!
interface Serial1
 description T1
 ip address 39.114.7.214 255.255.255.252
 ip access-group 107 in
 ip verify unicast reverse-path
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 service-module t1 timeslots 1-24
 crypto map myvpn
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key ciscokey address 39.99.202.254
!
!
crypto ipsec transform-set to_site1 esp-des esp-md5-hmac
!
crypto map myvpn 10 ipsec-isakmp
 set peer 39.99.202.254
 set transform-set to_site1
 match address 101
!
!
!
!
!
interface Tunnel0
 ip address 10.10.13.2 255.255.255.0
 tunnel source Serial1
 tunnel destination 39.99.202.254
!
!
!
ip nat pool ovrld 39.114.7.214 39.114.7.214 prefix-length 24
ip nat inside source list 7 pool ovrld overload
ip route 0.0.0.0 0.0.0.0 39.114.7.213
ip route 192.168.1.0 255.255.0.0 10.10.13.1
!
!
!
access-list 7 permit 192.168.0.0 0.0.255.255
access-list 7 permit 10.10.13.0 0.0.0.255
access-list 101 permit gre host 39.114.7.214 host 39.99.202.254
access-list 107 permit gre host 39.99.202.254 host 39.114.7.214
access-list 107 permit esp host 39.99.202.254 host 39.114.7.214
access-list 107 permit udp host 39.99.202.254 eq isakmp host 39.114.7.214
access-list 107 permit tcp any any established
access-list 107 deny ip any any
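
Added example, not part of the original post: a small Python check run over lines excerpted from the Site1 config above. It flags a static route whose prefix does not fit its mask, DES/MD5 in the IPsec transform set, a pre-shared key stored in cleartext, and an ISAKMP policy that states no cipher. The function name, the finding labels and the `FIXED` comparison excerpt are constructed for illustration.

```python
import ipaddress
# Constructed excerpt: lines copied from the Site1 config in the post above.
SITE1 = """\
crypto isakmp policy 10
authentication pre-share
crypto isakmp key ciscokey address 39.114.7.214
crypto ipsec transform-set to_site2 esp-des esp-md5-hmac
ip route 0.0.0.0 0.0.0.0 39.99.202.253
ip route 192.168.2.0 255.255.0.0 10.10.13.2
"""
# Constructed counterpart for comparison; assumes the IOS image supports AES.
FIXED = """\
crypto isakmp policy 10
encr aes 256
authentication pre-share
crypto isakmp key 6 ENCRYPTED-KEY-PLACEHOLDER address 39.114.7.214
crypto ipsec transform-set to_site2 esp-aes 256 esp-sha-hmac
ip route 0.0.0.0 0.0.0.0 39.99.202.253
ip route 192.168.2.0 255.255.255.0 10.10.13.2
"""
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}
POLICY_SUBCMDS = {"encr", "encryption", "hash", "authentication", "group", "lifetime"}

def audit(config):
    """Return (line_number, finding) tuples for one IOS config text."""
    lines = [line.split() for line in config.splitlines()]
    findings = []
    for n, w in enumerate(lines, 1):
        if w[:2] == ["ip", "route"] and len(w) >= 4 and w[2] != "vrf":
            try:  # strict=True rejects a prefix with bits set outside its mask
                ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=True)
            except ValueError:
                findings.append((n, "route-mask-mismatch"))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [(n, f"weak-transform:{t}") for t in w[4:] if t in WEAK_TRANSFORMS]
        elif w[:3] == ["crypto", "isakmp", "key"] and w[3:4] != ["6"]:
            findings.append((n, "psk-cleartext"))  # key not stored as type 6
        elif w[:3] == ["crypto", "isakmp", "policy"]:
            cipher = None
            for sub in lines[n:]:  # sub-commands directly follow the policy line
                if not sub or sub[0] not in POLICY_SUBCMDS:
                    break
                if sub[0] in ("encr", "encryption"):
                    cipher = " ".join(sub[1:])
            if cipher is None:
                findings.append((n, "isakmp-cipher-left-to-default"))
            elif cipher == "des":
                findings.append((n, "isakmp-cipher-des"))
    return findings
```

Calling `audit(SITE1)` returns one finding per flagged line number in the excerpt, and `audit(FIXED)` returns an empty list.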