|
|
|
Question : Problem: VPN Set with VSATs
|
|
I need to set up a VPN network. What are the system requirements .Actually I have to make 9 nodes of VSAT under a VPN ? Kindly explain .
|
Answer : Problem: VPN Set with VSATs
|
|
I haven't worked with VSAT and was curious about it and found this link:
http://www.donegal-holdings.com/vsat_a__tutorial.htm
As you can see from this link there are several types of VSAT networks. My guess is you are linking a site with a satellite uplink to a remote site some distance away...?
Not knowing about the Nodes themselves I would say your best bet is a Lan to Lan connection between VPNs. What you use for this type of connection can vary a great deal. You can do router to router...router to vpn...vpn to vpn....vpn to hardware-client.
You can find exact requirements at cisco....I believe most of their routers can do ipsec router to router with ios 12.2 an higher.
You can also use a vpn concentrator such as a 3005 or 3015 at your central site (depending on your needs)....You could then use a router/another vpn concentrator 3005-3015/vpn hardware client 3002).
Here is an example of a router to router lan to lan connection from cisco's site (by the way Cisco is the only way to go best products best support...[no i don't work for them]):
***********
ROUTER A
***********
Building configuration...
Current configuration : 1253 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterA
!
!
memory-size iomem 10
ip subnet-zero
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp keepalive 30 5
!
crypto isakmp peer address 14.38.69.71
set aggressive-mode password cisco123
set aggressive-mode client-endpoint ipv4-address 14.38.69.70
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map mymap 1 ipsec-isakmp
set peer 14.38.69.71
set transform-set myset
match address 100
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Ethernet0/0
ip address 14.38.69.70 255.255.0.0
half-duplex
crypto map mymap
!
interface BRI0/0
no ip address
shutdown
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 14.38.69.71
ip http server
!
!
access-list 100 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
ROUTER B
Building configuration...
Current configuration : 1147 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterB
!
!
ip subnet-zero
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 14.38.69.70
crypto isakmp keepalive 30 5
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map mymap 10
set transform-set myset
!
!
crypto map mainmap 1 ipsec-isakmp dynamic mymap
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 14.38.69.71 255.255.0.0
duplex auto
speed auto
crypto map mainmap
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 14.38.69.70
no ip http server
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
line con 0
exec-timeout 0 0
speed 115200
line aux 0
line vty 0 4
login
!
!
end
******************************
The 3002 has a quick configuration mode that makes setup very easy. There is also a model that comes with a built in 8 port 10/100 switch. If you need more just connect another switch/hub to one of these ports.
The 3005 and 3015 you setup the inside interface first using a console cable and from that point they have a web based interface that makes setup easier as well.
Hope some of this helps....
|
|
|
|
