Router to router IPSEC session

Hi Techs,
I have the network below with a HQ router which builds a crypto session with a private source IP (RFC1918). The firewall in the middle (between WAN and HQ router) NATs the crypto source.
( HQ Router) --------------------------------------------( Firewall- NAT)-----WAN---------------- Remote sites over internet
c2800nm-advsecurityk9-mz.150-1.M8.bin
Each time the remote site changes public IP or loses connection, the HQ router is not able to flush the existing/old IKE/IPsec sessions, though it forms a new one with the new public IP. When I clear the crypto session on HQ, the IKE reforms and the session resumes. Is there anything with IOS on HQ (RRI bug)?
Also I have crypto isakmp nat keepalive, DPD, invalid spi-recovery options enabled.
Thanks,
Santosh
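As an added example that is not part of Santosh's post, this is what the HQ-side IKEv1 keepalive and recovery settings he lists typically look like in IOS, including the on-demand versus periodic DPD distinction that is worth checking when stale SAs outlive a peer's address change. Transform-set, dynamic-map and crypto-map names are placeholders.

```cisco
! Added example (not from the original post): HQ-side IKEv1 keepalive and
! recovery settings for a router that terminates IPsec behind a NAT firewall.
! Transform-set, dynamic-map and crypto-map names are placeholders.
!
! Weaker form: without a keyword, IOS DPD is on-demand, so the HQ router only
! probes a peer when it has traffic to send to that peer's OLD public address.
crypto isakmp keepalive 10 3
!
! Preferred form (replaces the line above): periodic DPD probes every peer on
! a timer regardless of traffic, so an SA whose peer has moved to a new public
! IP is torn down after the retries expire instead of lingering until cleared.
crypto isakmp keepalive 10 3 periodic
!
! NAT-T keepalives from the private (RFC1918) HQ source keep the firewall's
! UDP/4500 translation alive while the tunnel is idle.
crypto isakmp nat keepalive 20
!
! On an ESP packet with an unknown SPI, bring up IKE to the sender and send
! an Invalid SPI notification so that side renegotiates instead of the
! traffic being silently dropped against the old SA.
crypto isakmp invalid-spi-recovery
!
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
 mode tunnel
!
! Dynamic crypto map for remote sites whose public address changes. RRI
! installs the route to the remote LAN only while that SA exists, so a
! stale SA also leaves a stale route behind until the SA is removed.
crypto dynamic-map DYN-REMOTES 10
 set transform-set ESP-AES-SHA
 reverse-route
crypto map CM-WAN 65000 ipsec-isakmp dynamic DYN-REMOTES
!
! Check after a remote site re-addresses: the old peer address should
! disappear from these outputs once DPD has expired it.
! show crypto isakmp sa
! show crypto session detail
```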


Similar Messages

  • What is the preferred dynamic routing over l2l/ipsec?

    what is the preferred dynamic routing over l2l/ipsec?
    Sent from Cisco Technical Support iPhone App

    Disclaimer
    The  Author of this posting offers the information contained within this  posting without consideration and with the reader's understanding that  there's no implied or expressed suitability or fitness for any purpose.  Information provided is for informational purposes only and should not  be construed as rendering professional advice of any kind. Usage of this  posting's information is solely at reader's own risk.
    Liability Disclaimer
    In  no event shall Author be liable for any damages whatsoever (including,  without limitation, damages for loss of use, data or profit) arising out  of the use or inability to use the posting's information even if Author  has been advised of the possibility of such damage.
    Posting
    Pretty much what you might use if not IPSec.
    Do you have some reason why IPSec should have a preferred routing protocol or are you just wondering if there is a preferred routing protocol for IPSec?

  • Routing protocols over IPSEC

    why can't you run a routing protocol in IPSEC tunnel mode? why do you need GRE to run a routing protocol?

    Most of the dynamic routing protocols use multicast addressing or broadcast addressing for the destination address. IPSec processes unicast IP traffic. This is the reason that we have traditionally used GRE which can easily pass multicast and broadcast traffic within the tunnel as the way to run routing protocols over IPSec tunnels. With GRE the multicast routing protocol traffic is encapsulated in a GRE packet which has a unicast source and destination address.
    HTH
    Rick

  • Router to Router Dialer VPN

    One of my routers is configured with a site-to-site VPN. I want this router to establish a dialer VPN from a remote router.
    The remote router will be configured as a dialer VPN, as there is no live IP available at the remote site; I don't want to configure it as a site-to-site VPN.
    Please refer me to some document to achieve this goal.

    Hi Karsten -
    I'm afraid I cannot use the EasyVPN feature at all.
    The vendor informs me that there is another IPSec VPN tunnel which connects back to their office to provide other capabilities.
    So I have to use L2L IPSec -- and do it with a dynamic IP from the router side, to a fixed IP on the ASA side.
    Is it possible to build the tunnel-group on the ASA side so that it doesn't require a known IP for the remote side of the tunnel?
    I'm using DefaultL2L tunnel group (on the ASA) at the moment to terminate the VPN when the router is using the satellite connection via FA90/1, with a fixed IP address.
    But the DefaultL2L group doesn't have the IP of the router -- yet it works...
    The same VPN config, used from the FA0/0 interface of the router with the same crypto map
    just gives the traditional "No match, deleting SA" message..
    I can see the router trying to establish the VPN, but it's just not able to negotiate, and the only reason I could think of was that the FA0/0 interface had a DHCP address instead of a static IP.
    Strange that it works OK with the ASA's DefaultL2L tunnel group, with no mention of the router's FA0/1 static IP, yet the FA0/0 with a dynamic IP won't work.
    We did just hook up the satellite and used FA0/1 to test it -- vpn came up instantly...

  • Router to Router VPN with Overlapping internal networks

    Hello Experts,
    One quick question. How do I configure a Router to Router VPN with overlapping internal networks?
    Both of my internal networks have ip address of 192.168.10.0 and 192.168.10.0
    Any link or config will be appreciated. I've been looking but no luck.
    Thanks,
    Randall

    Randall,
    Please refer the below URL for configuration details:
    Configuring an IPSec Tunnel Between Routers with Duplicate LAN Subnets
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml
    Let me know if it helps.
    Regards,
    Arul
    ** Please rate all helpful posts **

  • Router-to-Router VPN Security

    Hi there,
    Should we worry about the security of a router-to-router VPN over the internet (IPSec)?
    We have two offices.
    Office A has Cisco 2811 router (internal, private) and ASA 5510 firewall.
    Office B has Cisco 2821 router (internal, private) and ASA 5505 firewall.
    Office B has private subnets that extend to 7 hops away. (running RIP)
    If we want to set up a site-to-site VPN between these two offices, should we set it up on the ASAs or the routers?
    If we set up VPN on routers, does that mean we need to connect one interface to the internet on each router and suffer from Internet attacks?
    How do we defend our routers then?
    Thanks in advance!
    -Andrew

    Hi,
    When it comes to site-to-site VPN I usually prefer routers. With a little bit of tweaking of NAT and routing you should be able to operate a public address on the routers even if they are behind the firewall.
    The advantage of IOS-based VPN is e.g. the possibility of running routing protocols through the VPN tunnels, which would give another level of resiliency. Configure tunnel interfaces on the routers with a tunnel mode IPsec and a tunnel protection profile. You can then run e.g. EIGRP to find a possible alternate path if one of the tunnels fails. It's much easier than anything I can think of on the ASA.
    Rgds, MiKa
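    The tunnel-interface approach MiKa describes (tunnel mode IPsec with a tunnel protection profile and EIGRP across it), which also answers the earlier GRE-versus-IPsec routing-protocol question, as an added configuration example that is not from either post. The 198.51.100.0/24 public addresses, the 10.255.0.0/30 tunnel link, the 192.168.10.0/24 LAN, the pre-shared key placeholder and all names are assumptions.

```cisco
! Added example (not from the thread): static IPsec VTI between Office A and
! Office B with EIGRP across it. Public addresses 198.51.100.0/24, tunnel link
! 10.255.0.0/30, LAN 192.168.10.0/24, the PSK placeholder and all names are
! assumptions. Shown from Office A's router; mirror it on Office B.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PSK-PLACEHOLDER> address 198.51.100.2
crypto isakmp keepalive 10 3 periodic
!
! VTI requires tunnel mode in the transform set.
crypto ipsec transform-set ESP-AES-SHA esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROT
 set transform-set ESP-AES-SHA
!
! Routed tunnel interface: everything routed out Tunnel0 is encrypted,
! including EIGRP multicast, so no GRE layer and no crypto ACL is needed.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROT
!
! EIGRP forms its adjacency only over the tunnel; the LAN is advertised
! but stays passive.
router eigrp 100
 network 10.255.0.0 0.0.0.3
 network 192.168.10.0 0.0.0.255
 passive-interface default
 no passive-interface Tunnel0
!
! Internet-facing interface admits only IKE, NAT-T and ESP from the peer
! (the "suffer from Internet attacks" concern); extend the list if the
! router must also accept other traffic on this interface.
ip access-list extended WAN-IN
 permit udp host 198.51.100.2 host 198.51.100.1 eq isakmp
 permit udp host 198.51.100.2 host 198.51.100.1 eq non500-isakmp
 permit esp host 198.51.100.2 host 198.51.100.1
 deny ip any any log
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip access-group WAN-IN in
```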

  • Routes and Routes Determination

    Hello All,
    I'm basically a technical person and I'm doing recording for routes and route determination.
    I am facing one problem.
    While executing transaction 0vtc in one system, while saving data it's asking for a transport request,
    and when I execute the same transaction in the IDES system, and when I save data, it does not ask for the transport request.
    Is there any config for that?
    Please help me out... it's required asap.
    thanks,
    jigs
    Helpful ans will be rewarded.

    Hi
    Not sure if this would help, but going through some of the older posts here, here's something I gathered:
    ++++++++++++++++++++++
    It also depends on the client settings, which are done by the BASIS guys. If the client settings are done in such a way that the system should not generate requests, then it will not generate a request.
    If the system is created as a Sandbox, then also the system will not ask for a request.
    Using the T-code SE01, where the whole list can be viewed, select the task or transport request and click on the truck button.
    +++++++++++++++++++++
    hope it's a start

  • Difference between Routing & Rate Routing

    Hi All,
    can anyone tell me difference between Routing & Rate Routing? can we use routing for REM? if no, then what will be the effect?
    Thanks,
    Rinky

    Hi Rinky ,
    Routing and rate routing are task lists in a broad manner.
    standard task list: Describes the worksteps necessary to produce a material or perform an activity without reference to an order.( that means they are created without reference to order )
    Essential objects of a task list are header, operations, material component allocations, production resources/tools and inspection characteristics.
    Together with specific dates and quantities, task list data forms an important part of the order.
    The following task list types exist in the R/3 System:
    routing
    reference operation set
    rate routing
    reference rate routing
    inspection plan
    maintenance task list
    standard network
    master recipe
    Routing is created with CA01 and rate routing with CA21.
    Routing is used in discrete manufacturing and rate routing in repetitive manufacturing.
    Rate routing generally has only one operation and a production line instead of the work centers and operations in routings.
    Both routings can be used for scheduling, costing and capacity planning.
    Hope this was helpful answer !
    Neal
    Edited by: Neal Gibson on Jun 30, 2008 11:46 AM

  • Routing & rate routing

    hello everyone,
    I am Rekha Bamgude. I want to know the difference between routing & rate routing.

    Hi Rekha, to get a quick (or any) response, create your new discussion in a space related to your query. This way it will be visible to topic experts who will then see and reply to it.
    Please move this thread to the relevant forum Enterprise Resource Planning (SAP ERP)
    as you mention
    i want to know difference between routing & rate routing?
    Many times we told this word (Search before you post ).
    please see this thread for more details.
    Difference between routing and rate routing
    poorna

  • What are all the IPSEC-sessions shown i ASDM?

    I have upgraded my ASA 5520 to version 9.1 with ASDM version 7.1. After the upgrade ASDM shows a lot of IPSEC VPN sessions in the GUI that I cannot see from the ASA. Right now the GUI says that I have 28 IPSEC sessions, while the output from "show vpn-sessiondb l2l" shows the expected 4 tunnels and the output from "show vpn-sessiondb remote" shows 0 as expected. (I do not use IPSEC from remote users.)
    What could the reason for this be?
    BR,
    Thor-Egil

    You can also use the show crypto ipsec ikev1 sa or show crypto isakmp sa command to display output about the SA database. It will give you a list of the IKE peers that are connected to your ASA.

  • Routes and route groups expanded

    Is there any way to force the routes and route groups to show un-expanded when I click on the Routes/Groups tab in switch executive? I have many and it is difficult to navigate when they are all expanded.
    kph

    Hi kphite,
    At this time, there is no method to force the collapse of the routes and route groups.  However, thank you for this product suggestion.  Just so you know, we have previously considered the implementation of such a feature and agree that this functionality would be beneficial.  We do have it in our plans for future revisions of NI Switch Executive. 
    Thanks again!
    Chad Erickson
    Switch Product Support Engineer
    NI - USA

  • ISR router EIGRP Route Tag

    Hi,
    Wondering whether anyone has successfully set a route tag for EIGRP routes?
    What I am trying to achieve here is to set route tag for the summary routes of the connected interfaces and subnets of some other connected interfaces.
    Let's say an ISR router R1 with IOS 15.1(4)M3 has three interfaces running with EIGRP.  
    Interface Gi0/0 
    ip add 172.16.0.1/24
    summary-add 172.16.0.0/16
    Interface Gi0/1 
    ip add 172.16.1.1/24
    summary-add 172.16.0.0/16
    Interface Gi0/2 
    ip add 192.168.2.1/24
    I am having difficulty setting a route tag for the summary address 172.16.0.0/16 and for 192.168.2.0/24 before they get advertised to another router.
    Any idea please?
    Thanks
    Cedar

    Duplicate posts.  
    Go here:  https://supportforums.cisco.com/discussion/12256521/isr-router-eigrp-route-tag

  • How to verify the routes from router when Polycom device Initiates traffic

    Hi,
    Could anyone please assist me in finding out the routes when the Polycom device initiates traffic towards BCS Global.
    1) The Polycom equipment is connected to the internal LAN of the customer and it is traversing through the router.
    I checked through IP accounting when the user initiates the traffic. (Polycom device IP is x.x.x.10 and the BCS Global network is aa.aa.aa.0.) When I checked IP accounting I found the destination IP is x.x.x.10 and the source IP is aa.aa.aa.205 when the user initiates traffic from the Polycom device.
    2) I also found the static route in the router for the BCS Global network (aa.aa.aa.0), but when I tried to trace route to IP address (aa.aa.aa.205) the output shows:
    1. * * *
    2. * * *
    10) * * *
    Could anyone please assist me: is there any other way to find out the routes?

    Thanks, this did it for me. The verification from rommon was ok and I guess I can trust the rom even when not comparing the information with cisco webpage.

  • Cisco 2821 router IOS and Ipsec

    Hi all. I was wondering, can you create VPN tunnels using IPsec on a 2821 router if you have only the IPBASE image (the basic image the 2821 router comes with) on the router, or do you need some other version of IOS?
    I've gone totally nuts trying to find out but can't seem to find an answer. Thanks in advance.

    Igor
    You cannot create IPSec tunnels if the 2821 is running the IP BASE image. You need a feature set that supports crypto to do IPSec. In general, image names that include k9 in the image name will support crypto. You probably would want the Advanced Security feature set or the Advanced IP Services feature set, both of which do support crypto and do support IPSec tunnels.
    HTH
    Rick

  • VPN Router to Router with 192.168.1.1 WAN address

    I have two WRVS4400N routers I'd like to create a VPN tunnel for.
    One gets a WAN IPAddress totally external: 75.32.167.xxx from the DSL modem.
    The other one is connected to an ADRAN 676 modem.
    This modem has an external IP address (67.155.29.202), but assigns address 192.168.1.1 to the connection to the router.
    I have the router configured to assign addresses 192.168.0.xxx to all computers on the LAN.
    The VPN setup requires to define the WAN address as the external address, but my router only sees address 192.168.1.1 as the external address (coming from the ADRAN modem)
    I hope this is not too convoluted and someone can help me. Following is an attempt at illustrating my setup:
    10.10.10.1-->Router1--->75.32.167.147 ---->INTERNET--->
    INTERNET-->67.155.29.202--->ADRAN modem--->192.168.1.1-->ROUTER2--->192.168.0.1
    Thanks in advance
    Rodolfo

    Your ADRAN modem also operates as a NAT router. You have to reconfigure the ADRAN modem for bridge mode. In bridge mode the modem operates like any other simple modem. You then have to configure the router for your internet connection, e.g. use PPPoE with the username and password supplied by your ISP. With that your router will have the public IP address.
    Otherwise, you would have to configure port forwarding and IPSec or GRE forwarding on the ADRAN to pass the VPN traffic to the router. However, this may not work at all if the router is not able to handle VPN traffic through your NAT ADRAN modem/router (my guess is it won't do it, but I have not tested this).
