TOPIC: Site to Site VPN

Site to Site VPN 10 years 11 months ago #12063

  • susetechie
Hi All,

I am really upping my number of posts today! hehe

At any rate, another question. I was given a drawing of the network, and between my HQ site and my remote sites, there is a cloud that says "MPLS VPN". So obviously, I think... wow... OK, it's an MPLS VPN! lol. Well, I ask around, and others think we are not using site to site VPN. When I look at the configs on the routers I see many commands starting with "crypto". My thoughts are they are actually using site to site, but just don't know it. Is there a way for me to be sure?!

Sorry for the newbiness... it's my first network reorg.

Thanks
"Go away or I will replace you with a very small shell script"

Re: Site to Site VPN 10 years 11 months ago #12068

  • jwj
In your routers' configurations, look for a portion with "crypto map". A sub-configuration for it will be "set peer ip address".

Example:
crypto map vpndescription 10 ipsec-isakmp
 set peer 123.100.101.55
 set transform-set transformdescription

Now, the peer address is going to be the IP address of the distant end VPN point. So it should be an IP address of an interface on one of your routers somewhere. I would suggest copying and pasting all of your crypto maps and router interfaces from all your routers, and then matching the crypto maps to the interfaces (and router) they go to.
-Jeremy-
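
One way to carry out the matching suggested in the post above, as an added example that is not part of the original thread: it parses pasted IOS configurations, pairs each "set peer" address with the router interface that owns it, and lists peers that match no collected interface. The hostnames, addresses and the helper names parse and match_tunnels are assumptions made for illustration.

```python
import re

CONFIGS = {  # constructed sample configs; hostnames and addresses are hypothetical
    "hq-rtr": """
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
crypto map vpndescription 10 ipsec-isakmp
 set peer 203.0.113.55
 set transform-set transformdescription
crypto map vpndescription 20 ipsec-isakmp
 set peer 198.51.100.9
 set transform-set transformdescription
""",
    "remote1-rtr": """
interface Serial0/0
 ip address 203.0.113.55 255.255.255.252
crypto map vpndescription 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set transformdescription
""",
}

def parse(config):
    """Return ({interface IP: interface name}, [(map name, seq, peer IP)])."""
    interfaces, peers, ctx = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            ctx = ("if", m.group(1))            # now inside an interface block
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            ctx = ("map", m.group(1), int(m.group(2)))  # inside a crypto map entry
        elif ctx and ctx[0] == "if" and (m := re.match(r"ip address (\d+(?:\.\d+){3}) ", line)):
            interfaces[m.group(1)] = ctx[1]
        elif ctx and ctx[0] == "map" and (m := re.match(r"set peer (\S+)", line)):
            peers.append((ctx[1], ctx[2], m.group(1)))
    return interfaces, peers

def match_tunnels(configs):
    """Pair each 'set peer' with the router and interface that owns the address."""
    parsed = {router: parse(text) for router, text in configs.items()}
    owner = {ip: (r, ifn) for r, (ifs, _) in parsed.items() for ip, ifn in ifs.items()}
    matched, unknown = [], []
    for router, (_, peers) in parsed.items():
        for name, seq, peer in peers:
            row = (router, name, seq, peer)
            (matched if peer in owner else unknown).append(row + owner.get(peer, ()))
    return matched, unknown

if __name__ == "__main__":
    print(*match_tunnels(CONFIGS), sep="\n")
```

A peer that ends up in the unknown list belongs to a device whose configuration was not among those collected.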

Re: Site to Site VPN 10 years 11 months ago #12070

  • Chris
I concur with jwj's configuration.

Configurations similar to the above will show you're dealing with a site-to-site VPN.

In some cases, there is also a 'match address x' after the 'set transform-set' command, where 'x' is the access-list number to which the defined traffic is allowed to pass through.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Site to Site VPN 10 years 11 months ago #12073

  • susetechie
Thanks guys... I did take down the "set peer" address, and I asked others in the group if they knew the address. I figured it was indeed the end point of the VPN, but I did not have the address in my list. I guess I will have to do more digging! Thanks a lot for the replies.
"Go away or I will replace you with a very small shell script"