Add IPSec LAN-to-LAN


© 2003, Cisco Systems, Inc. All rights reserved.

LAN-to-LAN connections cannot be configured in Quick Configuration. Instead, the Concentrator provides a wizard for them. Choose Configuration>System>Tunneling Protocols>IPSec>LAN-to-LAN, and click Add to access the LAN-to-LAN wizard. The Configuration>System>Tunneling Protocols>IPSec>LAN-to-LAN>Add window opens. The wizard uses this one window to configure a LAN-to-LAN tunnel.

Boston IPSec LAN-to-LAN


The Configuration>System>Tunneling Protocols>IPSec>LAN-to-LAN>Add window has three sections. The top section pertains to the network information; the bottom two sections deal with the two private networks at either end of the tunnel.

In the example in the figure, there is a tunnel between Boston and Houston. The administrator is currently configuring the Boston Concentrator. For the Boston network connection, the administrator needs to complete the following steps:

Step 1 Enter the name for the LAN-to-LAN connection (local significance only) in the Name field.

Step 2 Set the peer value as the IP address assigned to the public interface of the remote Concentrator (for example, 192.168.6.5) in the Peer field.

Step 3 Enter an alphanumeric string value for the pre-shared key in the Preshared Key field.

There are two private networks: local and remote. The middle section of the Configuration>System>Tunneling Protocols>IPSec>LAN-to-LAN>Add window defines the local private network. When the administrator in the example programs the Boston end, the network local to Boston is 10.0.1.0. When programming the local private network, the administrator needs to complete the following steps:

Step 1 Set the local network IP address to 10.0.1.0, which is the network and subnet portion of the address with the host portion set to zero.

Step 2 Set the wildcard mask, 0.0.0.255. The wildcard mask is the reverse of the subnet mask.

The bottom section of the Configuration>System>Tunneling Protocols>IPSec>LAN-to-LAN>Add window defines the remote private network. In the example, the remote end is the Houston private network, 10.0.6.0. When the administrator in the example programs the remote private network, the administrator needs to complete the following steps:

Step 1 Set the remote network IP address to 10.0.6.0, which is the network and subnet portion of the address with the host portion set to zero.

Step 2 Set the wildcard mask to 0.0.0.255. The wildcard mask is the reverse of the subnet mask.

Step 3 Click Add.
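The address and wildcard-mask values entered in the local and remote sections can be derived and checked before they are typed into the wizard. The following Python sketch is an added example, not Cisco code: the function names are hypothetical, and the overlap check between the two private networks is an added sanity check rather than something the page says the wizard enforces.

```python
import ipaddress

def to_wizard_fields(cidr: str) -> tuple[str, str]:
    """CIDR notation -> (network address, wildcard mask) for the wizard."""
    # strict=True rejects input that still has host bits set (e.g. 10.0.1.5/24).
    net = ipaddress.IPv4Network(cidr, strict=True)
    return str(net.network_address), str(net.hostmask)

def from_wizard_fields(address: str, wildcard: str) -> ipaddress.IPv4Network:
    """(address, wildcard) as typed into the wizard -> validated network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    # The reverse of a subnet mask is a run of 0 bits followed by a run of
    # 1 bits, so wc + 1 is a power of two and shares no bits with wc.
    if wc & (wc + 1):
        raise ValueError(f"{wildcard} is not the reverse of a subnet mask")
    # The address field must be the network address: no bits in the host part.
    if int(ipaddress.IPv4Address(address)) & wc:
        raise ValueError(f"{address} has host bits set for wildcard {wildcard}")
    prefix_len = 32 - wc.bit_length()
    return ipaddress.IPv4Network(f"{address}/{prefix_len}")

def check_tunnel(local: tuple[str, str], remote: tuple[str, str]):
    """Validate both private-network entries and reject overlapping ranges."""
    local_net = from_wizard_fields(*local)
    remote_net = from_wizard_fields(*remote)
    if local_net.overlaps(remote_net):
        raise ValueError(f"local {local_net} overlaps remote {remote_net}")
    return local_net, remote_net

if __name__ == "__main__":
    # Values from the Boston/Houston example on this page.
    boston = to_wizard_fields("10.0.1.0/24")
    houston = to_wizard_fields("10.0.6.0/24")
    print("local :", boston)
    print("remote:", houston)
    print("tunnel:", check_tunnel(boston, houston))
```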
