Specifications
Configuring Security Features
Configuring VPN
Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide
OL-21850-01
The Cisco Easy VPN client feature can be configured in one of two modes—client mode or network
extension mode. Client mode is the default configuration and allows only devices at the client site to
access resources at the central site. Resources at the client site are unavailable to the central site.
Network extension mode allows users at the central site (where the Cisco VPN 3000 series concentrator
is located) to access network resources on the client site.
After the IPSec server has been configured, a VPN connection can be created with minimal configuration
on an IPSec client. When the IPSec client initiates the VPN tunnel connection, the IPSec server pushes
the IPSec policies to the IPSec client and creates the corresponding VPN tunnel connection.
Note: The Cisco Easy VPN client feature supports configuration of only one destination peer. If your
application requires creation of multiple VPN tunnels, you must manually configure the IPSec VPN and
Network Address Translation/Peer Address Translation (NAT/PAT) parameters on both the client and the
server.
Cisco 3900 series, 2900 series, and 1900 series ISRs can also be configured to act as Cisco Easy VPN
servers, letting authorized Cisco Easy VPN clients establish dynamic VPN tunnels to the connected
network. For information on configuring Cisco Easy VPN servers, see the Easy VPN Server feature at:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftunity.html.
Site-to-Site VPN Example
The configuration of a site-to-site VPN uses IPSec and the generic routing encapsulation (GRE) protocol
to secure the connection between the branch office and the corporate network. Figure 2 shows a typical
deployment scenario.
Figure 2: Site-to-Site VPN Using an IPSec Tunnel and GRE
1 Branch office containing multiple LANs and VLANs
2 Fast Ethernet LAN interface—With address 192.165.0.0/16 (also the inside interface for NAT)
3 VPN client—Cisco 3900 series, 2900 series, or 1900 series ISR
4 Fast Ethernet or ATM interface—With address 200.1.1.1 (also the outside interface for NAT)
5 LAN interface—Connects to the Internet; with outside interface address of 210.110.101.1
6 VPN client—Another router, which controls access to the corporate network
7 LAN interface—Connects to the corporate network; with inside interface address of 10.1.1.1
8 Corporate office network
9 IPSec tunnel with GRE
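The following branch-router configuration (item 3 in Figure 2) is an added example, not taken from this guide, showing how the GRE tunnel in item 9 can be protected with IPSec between the two outside addresses in the figure. The tunnel subnet 192.0.2.0/30, the /24 mask on the corporate prefix, the names GRE-TS and GRE-PROT, and the pre-shared key placeholder are assumptions, and the sha256 keywords assume an IOS release that supports them.

```cisco
! --- Added example: branch router (Figure 2, item 3) ---
! IKE phase 1 policy: AES-256, SHA-256, DH group 14, pre-shared key.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! Pre-shared key bound to the corporate router's outside address (item 5).
! <PRE-SHARED-KEY> is a placeholder; use a long random value.
crypto isakmp key <PRE-SHARED-KEY> address 210.110.101.1
!
! IPSec phase 2: ESP with AES-256 and SHA-256 HMAC.
! Transport mode is sufficient because GRE already supplies the outer header
! and both tunnels terminate on the same pair of addresses.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
! Profile applied to the tunnel interface instead of a crypto map.
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
! GRE tunnel from the branch outside address (item 4) to the corporate
! outside address (item 5). 192.0.2.0/30 is an assumed tunnel subnet.
interface Tunnel0
 ip address 192.0.2.1 255.255.255.252
 tunnel source 200.1.1.1
 tunnel destination 210.110.101.1
 tunnel protection ipsec profile GRE-PROT
!
! Send corporate-bound traffic through the protected tunnel.
! The /24 mask on the corporate network (item 7) is an assumption.
ip route 10.1.1.0 255.255.255.0 Tunnel0
```

The corporate router (item 6) mirrors this configuration with the tunnel source and destination swapped, the key bound to 200.1.1.1, and a route to 192.165.0.0/16 through its tunnel. After both sides are configured, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the security associations are established and that packets through Tunnel0 are being encrypted.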