Specifications
Table Of Contents
- Contents
- Preface
- Getting Started
- Basic Router Configuration
- Interface Port Labels
- Viewing the Default Configuration
- Information Needed for Configuration
- Configuring Basic Parameters
- Configuring Static Routes
- Configuring Dynamic Routes
- Configuring Enhanced IGRP
- Basic Router Configuration
- Configuring Your Router for Ethernet and DSL Access
- Sample Network Deployments
- Configuring PPP over Ethernet with NAT
- Configuring PPP over ATM with NAT
- Configuring a LAN with DHCP and VLANs
- Configuring a VPN Using Easy VPN and an IPSec Tunnel
- Configure the IKE Policy
- Configure Group Policy Information
- Apply Mode Configuration to the Crypto Map
- Enable Policy Lookup
- Configure IPSec Transforms and Protocols
- Configure the IPSec Crypto Method and Parameters
- Apply the Crypto Map to the Physical Interface
- Create an Easy VPN Remote Configuration
- Verifying Your Easy VPN Configuration
- Configuration Example
- Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
- Configuring a Simple Firewall
- Configuring a Wireless LAN Connection
- Sample Configuration
- Configuring Additional Features and Troubleshooting
- Additional Configuration Options
- Configuring Security Features
- Configuring Dial Backup and Remote Management
- Troubleshooting
- Reference Information
- Cisco IOS Software Basic Skills
- Concepts
- ROM Monitor
- Common Port Assignments
7-2
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
GRE Tunnels
GRE tunnels are typically used to establish a VPN between the Cisco router and a remote device that
controls access to a private network, such as a corporate network. Traffic forwarded through the GRE
tunnel is encapsulated and routed out onto the physical interface of the router. When a GRE interface is
used, the Cisco router and the router that controls access to the corporate network can support dynamic
IP routing protocols to exchange routing updates over the tunnel, and to enable IP multicast traffic.
Supported IP routing protocols include Enhanced Interior Gateway Routing Protocol (EIGRP), Routing
Information Protocol (RIP), Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path
First (OSPF), and Border Gateway Protocol (BGP).
Note When IP Security (IPSec) is used with GRE, the access list for encrypting traffic does not list the desired
end network and applications, but instead refers to the permitted source and destination of the GRE
tunnel in the outbound direction. All packets forwarded to the GRE tunnel are encrypted if no further
access control lists (ACLs) are applied to the tunnel interface.
VPNs
VPN configuration information must be configured on both endpoints; for example, on your Cisco router
and at the remote user, or on your Cisco router and on another router. You must specify parameters, such
as internal IP addresses, internal subnet masks, DHCP server addresses, and Network Address
Translation (NAT).
Configuration Tasks
Perform the following tasks to configure this network scenario:
• Configure a VPN
• Configure a GRE Tunnel
An example showing the results of these configuration tasks is shown in the section “Configuration
Example.”
Note The procedures in this chapter assume that you have already configured basic router features as well as
PPPoE or PPPoA with NAT, DCHP and VLANs. If you have not performed these configurations tasks,
see
Chapter 1, “Basic Router Configuration,” Chapter 3, “Configuring PPP over Ethernet with NAT,”
Chapter 4, “Configuring PPP over ATM with NAT,” and Chapter 5, “Configuring a LAN with DHCP
and VLANs,” as appropriate for your router.
7 LAN interface—Connects to the corporate network, with inside interface address of 10.1.1.1
8 Corporate office network
9 IPSec tunnel with GRE