Cisco 2960 overview

Please can anyone give me some direction over replacing a juniper router with a Cisco 2911 router.

I am having issues with a cloud partner router and want to bypass this with a cisco.

I need some advise on how to set up ipsec tunnel to the provider and static routes (such as Cisco 2921 router) to point there for hosts desktops.  also will this affect NATing of protocols for my voice and data ?

the vpn details are :

VPN Details

VPN Name

flexvpn

Hosted End-Point IP

109.8.32.99

On-premise End-Point IP Address

146.25.16.101

On-Premise Network

192.168.10.0

On-Premise Subnet Mask

255.255.254.0

Pre-Shared Key

f08fF*KT*ZlD

IKE Phase 1

Encryption

AES-256/AES-128/3DES

Hash

SHA-1

Authentication

Pre-Share Diffie-Hellman Group 2

Lifetime

86400s (1 day)

IKE Phase 2

Encryption

AES-256/AES-128/3DES

Hash

SHA-1

Lifetime

3600s (1 hour)

PFS

Optional

The solution:

You need the off-premises network information.

crypto isakmp policy 10

encryption aes 256

hash sha1

authentication pre-share

group 2

lifetime 86400

crypto isakmp policy 20

encryption aes 128

hash sha1

authentication pre-share

group 2

lifetime 86400

crypto isakmp policy 30

encryption 3des

hash sha1

authentication pre-share

group 2

lifetime 86400

crypto isakmp key f08fF*KT*ZlD address 109.8.32.99

ip access-list extended Tunnel1

permit ip 192.168.10.0 0.0.15.255 <destination subnet> <destination wildcard mask>

crypto ipsec transform-set aes256 esp-aes-256 esp-sha-hmac

crypto ipsec transform-set aes128 esp-aes-128 esp-sha-hmac

crypto ipsec transform-set 3des esp-3des esp-sha-hmac

crypto map Tunnels 10 ipsec-isakmp

set peer 109.8.32.99

set transform-set aes256 aes128 3des

match address Tunnel1

interface <outside interface>

crypto map Tunnels

More information about the Cisco router, Please visit: http://www.3anetwork.com/blog/