Cisco Systems C819GUK9 Router User Manual


  Open as PDF
of 196
 
9-6
Cisco 819 Series Integrated Services Routers Software Configuration Guide
OL-23590-02
Chapter 9 Configuring Security Features
Configuring VPN
After the IPSec server has been configured, a VPN connection can be created with minimal configuration
on an IPSec client, such as a supported Cisco
819 ISR. When the IPSec client initiates the VPN tunnel
connection, the IPSec server pushes the IPSec policies to the IPSec client and creates the corresponding
VPN tunnel connection.
Note The Cisco Easy VPN client feature supports configuration of only one destination peer. If your
application requires the creation of multiple VPN tunnels, you must manually configure the IPSec VPN
and Network Address Translation/Peer Address Translation (NAT/PAT) parameters on both the client
and the server.
Cisco 819 ISRs can be also configured to act as Cisco Easy VPN servers, letting authorized
Cisco
Easy VPN clients establish dynamic VPN tunnels to the connected network. For information on
the configuration of Cisco
Easy VPN servers, see the Easy VPN Server feature document.
Site-to-Site VPN
The configuration of a site-to-site VPN uses IPSec and the generic routing encapsulation (GRE) protocol
to secure the connection between the branch office and the corporate network.
Figure 9-2 shows a typical
deployment scenario.
Figure 9-2 Site-to-Site VPN Using an IPSec Tunnel and GRE
For more information about IPSec and GRE configuration, see Secure Connectivity Configuration Guide
Library, Cisco IOS Release 12.4T.
1 Branch office containing multiple LANs and VLANs
2 Fast Ethernet LAN interface—With address 192.165.0.0/16 (also the inside interface for NAT)
3 VPN client—Cisco 819 ISR
4 Fast Ethernet —With address 200.1.1.1 (also the outside interface for NAT)
5 LAN interface—Connects to the Internet; with outside interface address of 210.110.101.1
6 VPN client—Another router, which controls access to the corporate network
7 LAN interface—Connects to the corporate network, with inside interface address of 10.1.1.1
8 Corporate office network
9 IPSec tunnel with GRE
121783
Internet
3
1
2 4 5 7
6
8
9
 previous next