- Posts: 24
- Thank you received: 0
Site to Site VPN
- susetechie
- Topic Author
- Offline
- Junior Member
Less
More
19 years 1 week ago #12063
by susetechie
"Go away or I will replace you with a very small shell script"
Site to Site VPN was created by susetechie
Hi All,
I am really upping my number of posts today! hehe
AT any rate, another question. I was given a drawing of the network, and between my HQ site and my remote sites, there is a cloud that says "MPLS VPN". so obviously, i think..wow...ok, its an MPLS VPN! lol well i ask around, and others think we are not using site to site vpn. when i look at the configs on the routers i see many commands starting with "crypto". my thoughts are they are actually using site to site, but just dont know it. is there a way for me to be sure?!
sorry for the newbiness....its my first network reorg.
Thanks
I am really upping my number of posts today! hehe
AT any rate, another question. I was given a drawing of the network, and between my HQ site and my remote sites, there is a cloud that says "MPLS VPN". so obviously, i think..wow...ok, its an MPLS VPN! lol well i ask around, and others think we are not using site to site vpn. when i look at the configs on the routers i see many commands starting with "crypto". my thoughts are they are actually using site to site, but just dont know it. is there a way for me to be sure?!
sorry for the newbiness....its my first network reorg.
Thanks
"Go away or I will replace you with a very small shell script"
19 years 1 week ago #12068
by jwj
-Jeremy-
Replied by jwj on topic Re: Site to Site VPN
In your routers' configurations, look for a portion with "crypto map". A sub-configuration for it will be "set peer ip address".
Example:
crypto map vpndescription 10 ipsec-isakmp
set peer 123.100.101.55
set transform-set transformdescription
Now, the peer address is going to be the IP address of the distant end VPN point. So it should be an IP address of an interface on one of your routers somewhere. I would suggest copying and pasting all of your crypto maps and router interfaces from all your routers, and start matching the crypto maps to the interfaces (and router) it goes to.
Example:
crypto map vpndescription 10 ipsec-isakmp
set peer 123.100.101.55
set transform-set transformdescription
Now, the peer address is going to be the IP address of the distant end VPN point. So it should be an IP address of an interface on one of your routers somewhere. I would suggest copying and pasting all of your crypto maps and router interfaces from all your routers, and start matching the crypto maps to the interfaces (and router) it goes to.
-Jeremy-
19 years 1 week ago #12070
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: Site to Site VPN
I concur with jwj's configuration.
Configurations similar to the above will show your dealing with a site-to-site VPN.
In some cases, there is also a '' match address x" after the 'set transform-set' command, where 'x' is the access-list number to which the defined traffic is allowed to pass through.
Configurations similar to the above will show your dealing with a site-to-site VPN.
In some cases, there is also a '' match address x" after the 'set transform-set' command, where 'x' is the access-list number to which the defined traffic is allowed to pass through.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
- susetechie
- Topic Author
- Offline
- Junior Member
Less
More
- Posts: 24
- Thank you received: 0
19 years 1 week ago #12073
by susetechie
"Go away or I will replace you with a very small shell script"
Replied by susetechie on topic Re: Site to Site VPN
Thanks guys....i did take down the "set peer" address, and i asked others in the group if they knew the address. i figured it was indeed the end point of the vpn, but i did not have the address in my list. i guess i will have to do more digging! thanks a lot for the replies.
"Go away or I will replace you with a very small shell script"
Time to create page: 0.132 seconds