Site-to-site VPN Cisco 1811 - wireless
Robert Jacobs
I have a family friend that owns a small company with 2 locations (10
pcs on one end, and 5 on the other). They have static IP addresses -
their internet connection is a Wireless connection (DSL and Cable not
available).
He would like to setup some way for the PCs at both locations to be
able to talk to each other. I am thinking about purchasing 2 x Cisco
1811 routers, connecting them to the ethernet connection provided by
the wireless devices located at each location, and setting up a site-
to-site VPN connection using these devices.
First of all, does this sound like something that's workable/doable?
Second, if it is doable, does anybody know these routers well enough
to tell me if it is something that I should be able to do within the
SDM (GUI), or if there will be a lot of command line configuration
required. And, finally, can anybody give me the steps I would have to
perform to get this to work properly - or a website I can go to that
will give me a step-by-step procedure to complete this task with these
routers.
We don't have a ton of money, just enough for the equipment, and want
to make sure it's something that will even be possible if the
equipment is purchased in this scenario - before delving head first
into it. And if it is possible, we want to make sure it's something
that we'll be able to actually do ourselves - hence the step-by-step
procedures requested.
I am very tech savy, and actually had my CCNA quite a few years ago,
so I know my way around most routers (for the most part). However,
things have changed, and I want to make sure I can handle this before
commiting to him.
Thanks a bunch, experts - you're my saving grace...
Aaron Leonard
~
~ I have a family friend that owns a small company with 2 locations (10
~ pcs on one end, and 5 on the other). They have static IP addresses -
~ their internet connection is a Wireless connection (DSL and Cable not
~ available).
~
~ He would like to setup some way for the PCs at both locations to be
~ able to talk to each other. I am thinking about purchasing 2 x Cisco
~ 1811 routers, connecting them to the ethernet connection provided by
~ the wireless devices located at each location, and setting up a site-
~ to-site VPN connection using these devices.
~
~ First of all, does this sound like something that's workable/doable?
~ Second, if it is doable, does anybody know these routers well enough
~ to tell me if it is something that I should be able to do within the
~ SDM (GUI), or if there will be a lot of command line configuration
~ required. And, finally, can anybody give me the steps I would have to
~ perform to get this to work properly - or a website I can go to that
~ will give me a step-by-step procedure to complete this task with these
~ routers.
~
~ We don't have a ton of money, just enough for the equipment, and want
~ to make sure it's something that will even be possible if the
~ equipment is purchased in this scenario - before delving head first
~ into it. And if it is possible, we want to make sure it's something
~ that we'll be able to actually do ourselves - hence the step-by-step
~ procedures requested.
~
~ I am very tech savy, and actually had my CCNA quite a few years ago,
~ so I know my way around most routers (for the most part). However,
~ things have changed, and I want to make sure I can handle this before
~ commiting to him.
~
~ Thanks a bunch, experts - you're my saving grace...
What kind of wireless are you talking about? 3G (CDMA/GSM)?
That would be doable with a pair of pair of 3G-equipped 881s (or, more
expensively, with higher end routers with 3G HWICs - but not the 1811,
which doesn't have 3G.)
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps10082/data_sheet_c78_498096.html
Set up the 3G cellular interface on each router to access your provider.
Then configure the IPsec tunnel between the sites. Should work fine.
I don't know whether or not SDM can configure the whole shebang. In any
case, the routers should come with tech support to help you get it
set up.
Cheers,
Aaron
Robert Jacobs
>
> Set up the 3G cellular interface on each router to access your provider.
> Then configure the IPsec tunnel between the sites. Should work fine.
>
> I don't know whether or not SDM can configure the whole shebang. In any
> case, the routers should come with tech support to help you get it
> set up.
>
> Cheers,
>
> Aaron
Aaron, thanks. It's a wireless provider, not a cellular (3g)
provider. It is basically radio waves that come into the building
through a wireless receiver - and they basically give us an ethernet
port. It's practially the same thing as DSL/Cable - except it's
wireless... No cell phone cards or anything like that.
I would also like to know how to "Then configure the IPsec tunnel
between the sites. Should work fine.". That's the part I'm not sure
on, and wondering if there's maybe a step-by-step procedure? Thanks
again.
Rob
> Aaron, thanks. It's a wireless provider, not a cellular (3g)
> provider. It is basically radio waves that come into the building
> through a wireless receiver - and they basically give us an ethernet
> port. It's practially the same thing as DSL/Cable - except it's
> wireless... No cell phone cards or anything like that.
Do they provide you with a single ethernet port where you can connect
only a single PC without providing your own router, or does the device
have multiple ports and/or you could connect your own switch and have
many pcs access the internet without further hardware and/or software?
I ask this because it is very likely that the box you got from the
provider already is a router and provides NAT functionality to translate
many internal PC addresses to a single external address.
It will be more difficult to connect another router to such a device
and then setup IPsec tunnels.
> I would also like to know how to "Then configure the IPsec tunnel
> between the sites. Should work fine.". That's the part I'm not sure
> on, and wondering if there's maybe a step-by-step procedure? Thanks
> again.
If you need to ask this, it might be better to ask a supplier to
configure everything for you, or to go with another manufacturer who
is more oriented towards do-it-yourself installation of their equipment
without too much expertise.
Robert Jacobs
-Do they provide you with a single ethernet port where you can connect
-only a single PC without providing your own router, or does the
device
-have multiple ports and/or you could connect your own switch and have
-many pcs access the internet without further hardware and/or
software?
That's a good question - I'm not really sure. I would assume it's
just a modem type device, but you know what they say about assuming.
As far as asking for a step-by-step procedure, it's not that I don't
think I would be able to figure it out myself, it's that I'd like to
see an example of performing this operation, so I can see what the SDM
looks like for this procedure. I currently maintain 3 x Cisco 2800
series routers for the company I work for, and have setup one site-to-
site vpn, however, it was done in a completely different environment,
and it's an older version of the SDM. I just want to see what the
steps look like using this particular router/SDM.
Claudio Schnell da Silva
> Thank you in advance for your help, experts.
>
> I have a family friend that owns a small company with 2 locations (10
> pcs on one end, and 5 on the other). They have static IP addresses -
> their internet connection is a Wireless connection (DSL and Cable not
> available).
>
> He would like to setup some way for the PCs at both locations to be
> able to talk to each other. I am thinking about purchasing 2 x Cisco
Hello Robert,
if you have not yet purchased the hardware - did you consider to set up
the whole thing with a little ASA5505 instead of the 1811 at each end?
It comes with a SSL webfrontend and a wizard within for setting up the
ipsec site to site.
Costs for the 2 ASAs should be less, too, I think.
Regards,
Claudio
Techno_Guy
wrote:
before you do anything, I would suggest you should call the internet
provider to make sure they do not block ipsec. I have seen some
wireless providers that do.