Maybe I am not reading your response right. From what I read, you're saying you need both peers' tunnel endpoints to be in the same subnet? If that is what you're saying, that is incorrect. You do not need to set up addresses in the same subnet on each end of the tunnel. You simply identify your encrypting peer's address, which can be any accessible address in any subnet. As well, the router that you define as your peer simply has an access-list that defines any traffic passing through it that gets encrypted. This is based on source and destination and can be any source and any destination, including subnets that this encrypting router is not directly connected to, as long of course as the traffic passes the encrypting router on the way out, and the destination is accessible.

On the Microsoft W2K thing: I would avoid it if you can. It is a little more complex in that you have to set up L2TP on the router and the W2K and configure IPSEC to use the L2TP tunnel. It will be much easier to encrypt from router to router based on access-lists. The access-list will only define what gets encrypted, and is not applied to any interface, just the crypto map.

You do not need any special hardware unless your VPN network grows considerably large and you are using 3-des. Then you will want to look into the PL2 or PL3 card, which will take the encrypting/decrypting engine process off the router's CPU and put it on the PL2 or PL3 card.
CCNP + Security Specialist

-----Original Message-----
From: JEK [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 28, 2000 3:29 AM
To: [EMAIL PROTECTED]
Subject: Re: VPN & Hierarchical Design questions

John,

( 1 ) If you're wanting to connect all of your remotes that will not connect up to the same logical LAN; the host will need a connection to the internet and the remotes will need the same.....You will then need to set up Tunnel Interfaces which are software interfaces and then set up your own certain criteria for your < tunnel mode / tunnel source / tunnel destination > and then an IP Address on both ends that are in the same subnet....Then you can set up static routes on the routers to forward information that they need on the host LAN to the IP Address of the Tunnel Interface on the host router.....Then you can set up your gateway of last resort pointing out to the Internet's IP Address.......

PS: You don't even have to set up a routing protocol, just a routed protocol......Keep in mind that all of your static routes would have to be set up properly......

( 2 ) If you're talking about the three Cisco Layers.....Example would be

7200 - Core
4000 3660 3640 3620 - Distribution
700 800 1000 1600 1700 2500 - Access

Joe
Senior Systems/Network Engineer
CCNA

"JohnMail" <[EMAIL PROTECTED]> wrote in message news:006c01bfdb44$4b0ff7e0$[EMAIL PROTECTED]...
> Folks:
>
> I am preparing for the CCDA and plan to write same before 31 July, 2000. I
> have two questions. The first one revolves around VPN. The other question
> deals with CISCO's Hierarchical Network Design concepts.
>
> (1) Assume that I have six simple LANs - one HQ LAN and 5 Branch LANs.
> Assume also that each LAN consists of one Server and 4 workstations. If I
> want to link these simple networks using VPN; what kind of Hardware and
> Software would I have to buy. I would also like to compare and contrast
> Microsoft's VPN (which I believe is built into Win2000) and CISCO's VPN.
> Thanks in advance guys.
>
> (2) In this second scenario, I want to connect a router at each LAN site
> and make use of CISCO'S hierarchical network design principles. Can anyone
> explain or draw a simple diagram of what the network structure would look
> like at the CORE, DISTRIBUTION, and ACCESS layers.
>
> Thanks,
> John
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
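
The router-to-router setup described in the first reply, as an added example that is not part of the original thread: two peers whose outside addresses sit in unrelated subnets, with the access-list referenced only by the crypto map. All addresses, interface names, map names and the key are constructed placeholders, and AES is an assumption here (the reply mentions 3-des).

```cisco
! Constructed example: all addresses, names and the key are placeholders.
! --- Router A (HQ), outside address 192.0.2.1 ---
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
!
! The ACL only selects what gets encrypted. It is referenced by the crypto
! map below and is never bound to an interface with "ip access-group".
! 10.1.20.0/24 is an HQ subnet that is not directly connected to Router A.
access-list 101 permit ip 10.1.10.0 0.0.0.255 10.2.10.0 0.0.0.255
access-list 101 permit ip 10.1.20.0 0.0.0.255 10.2.10.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set VPN-SET
 match address 101
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN-MAP
!
! --- Router B (branch), outside address 198.51.100.1 ---
! The peer address is in a different subnet from Router A's; it only has
! to be reachable.
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.1
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
!
! Mirror image of Router A's ACL: source and destination swapped.
access-list 101 permit ip 10.2.10.0 0.0.0.255 10.1.10.0 0.0.0.255
access-list 101 permit ip 10.2.10.0 0.0.0.255 10.1.20.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set VPN-SET
 match address 101
!
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
 crypto map VPN-MAP
```

Traffic that matches neither ACL entry leaves the interface unencrypted, so the two access-lists need to stay mirror images of each other whenever a subnet is added on either side.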

