CHAPTER
BETA DRAFT - CISCO CONFIDENTIAL
7-1
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
7
Configuring VPNs Using an IPSec Tunnel and
Generic Routing Encapsulation
The Cisco 1800 series integrated services fixed-configuration routers support the creation of virtual
private networks (VPNs).
Cisco routers and other broadband devices provide high-performance connections to the Internet, but
many applications also require the security of VPN connections which perform a high level of
authentication and which encrypt the data between two particular endpoints.
Two types of VPNs are supported—site-to-site and remote access. Site-to-site VPNs are used to connect
branch offices to corporate offices, for example. Remote access VPNs are used by remote clients to log
in to a corporate network.
The example in this chapter illustrates the configuration of a site-to-site VPN that uses IPSec and the
generic routing encapsulation (GRE) protocol to secure the connection between the branch office and
the corporate network. Figure 7-1 shows a typical deployment scenario.
Figure 7-1 Site-to-Site VPN Using an IPSec Tunnel and GRE
1 Branch office containing multiple LANs and VLANs
2 Fast Ethernet LAN interface—With address 192.165.0.0/16 (also the inside interface for NAT)
3 VPN client—Cisco 1800 series integrated services router
4 Fast Ethernet or ATM interface—With address 200.1.1.1 (also the outside interface for NAT)
5 LAN interface—Connects to the Internet; with outside interface address of 210.110.101.1
6 VPN client—Another router, which controls access to the corporate network
121783
Internet
3
1
2 4 5 7
6
8
9
