Cisco CISCO876-SEC-I-K9 Configuration Guide - Page 79

CH A P T E R 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation OL-5332-01 The Cisco 850 and Cisco 870 series routers support the creation of virtual private networks (VPNs). Cisco routers and other broadband devices provide high-performance connections to the Internet, but many applications also require the security of VPN connections which perform a high level of authentication and which encrypt the data between two particular endpoints. Two types of VPNs are supported-site-to-site and remote access. Site-to-site VPNs are used to connect branch offices to corporate offices, for example. Remote access VPNs are used by remote clients to log in to a corporate network. The example in this chapter illustrates the configuration of a site-to-site VPN that uses IPSec and the generic routing encapsulation (GRE) protocol to secure the connection between the branch office and the corporate network. Figure 7-1 shows a typical deployment scenario. Figure 7-1 Site-to-Site VPN Using an IPSec Tunnel and GRE 8 3 6 2 4 5 7 Internet 1 9 121783 1 Branch office containing multiple LANs and VLANs 2 Fast Ethernet LAN interface-With address 192.168.0.0/16 (also the inside interface for NAT) 3 VPN client-Cisco 850 or Cisco 870 series access router 4 Fast Ethernet or ATM interface-With address 200.1.1.1 (also the outside interface for NAT) 5 LAN interface-Connects to the Internet; with outside interface address of 210.110.101.1 6 VPN client-Another router, which controls access to the corporate network 7 LAN interface-Connects to the corporate network, with inside interface address of 10.1.1.1 8 Corporate office network 9 IPSec tunnel with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-1