Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VPN IPSEC between 3 sites 1

Status
Not open for further replies.
Rod25

Rod25

Technical User
Sep 19, 2003
122
Hi Guys,
I am currently configuring 3 routers for VPN IPSec. Does anyone have configurations that link all routers with each other. I will probably configure EIGRP between sites.

Thanks in Advance

Rod
 
Sort by date Sort by votes
Well, it's the same as making one connection. Just use a higher policy number for successive links.

As for EIGRP, you won't be using it unless you create GRE links also. EIGRP requires connected neighbors.
 
Upvote 0 Downvote
Hi Igarner,
Thanks for your quick reply. I will be using GRE to accomodate EIGRP.
Do I have this right:

Router A will have two crypto maps, one for each site. The same applies to Routers B and C.

Router A will also have the following config for GRE to Routers B and C:


interface Loopback0
description Local Loopback To Router B
ip address 192.168.1.2 255.255.255.255
!
interface Loopback1
description Local Loopback To Router C
ip address 192.168.2.2 255.255.255.255
!
interface Tunnel1
description GRE to Router B
ip address 10.1.1.1 255.255.255.252
no ip proxy-arp
ip mtu 1400
ip tcp adjust-mss 1340
ip ospf authentication
ip ospf authentication-key password
ip ospf cost 10
tunnel source Loopback0
tunnel destination 192.168.1.1
crypto map vpn
!
interface Tunnel2
description GRE to Router C
ip address 10.1.2.1 255.255.255.252
no ip proxy-arp
ip mtu 1400
ip tcp adjust-mss 1340
ip ospf authentication
ip ospf authentication-key password
ip ospf cost 10
tunnel source Loopback0
tunnel destination 192.168.2.1
crypto map vpn

Routers B and C will also have the same setup. Therefore I have IPSEC over GRE tunnels between all three sites.

Am I on the right track?

Thanks again
Rod
 
Upvote 0 Downvote
Looks about like what we have, except we use the serial addresses instead of loopback since there's only one serial connection. Once that's set up, the GRE tunnel addresses will appear as neighbors.
 
Upvote 0 Downvote
Hi Igarner,
These sites will be interconnected by DSL. How do I route private traffic 10.x.x.x using EIGRP out over the public internet to the other sites? I cant find any documents on this.

Thanks again,
Rod
 
Upvote 0 Downvote
You don't. Your VPN devices have public IP addresses. You create VPN links, which provide tunnels for your private addresses. Once the tunnels are created, it will be similar to a private network like frame-relay or p-p links.

The public addresses will be used to create the IPSec links, and the private addresses can then be endpoints for GRE.
 
Upvote 0 Downvote
Hi Igarner,
Thanks for that. Have you got a sample config for reference similiar to what I want i.e. Dsl with IPsec and GRE interconnecting 3 sites.

Thanks again,
Rod
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

teknance
  • Locked
  • Question
Discovering Portugal: Uncover Hidden Destinations and VPN Solutions
Replies
5
Views
680
GlobeTrekkerGal
GlobeTrekkerGal
sarahz2
  • Locked
  • Question
Best vpn safe and fast
Replies
4
Views
510
GlobeTrekkerGal
GlobeTrekkerGal
MP2023
  • Locked
  • Question
How to Create an site to site VPN
Replies
1
Views
467
sircles
sircles
ramblingrebel
  • Locked
  • Question
Built-in Windows 10 VPN
Replies
1
Views
417
Joon Smith
Joon Smith
LearningNetworking
  • Locked
  • Question
Linking Hosts on the same subnet via VPN
Replies
0
Views
470
LearningNetworking
LearningNetworking

Part and Inventory Search

Sponsor

Back
Top