[c-nsp] VPN Questions

Paul Stewart paul at paulstewart.org
Mon Jan 15 09:35:25 EST 2007


Hi there...

We have a client with a remote office location connected back to their main
office via GRE tunnel... works fine....

Now, they wish to ADD an IPSec connection to a remote location for database
sharing... 

The router is only a 806

IOS (tm) C806 Software (C806-K9OSY6-M), Version 12.3(18), RELEASE SOFTWARE
(fc3)


Configuration looks like this:

crypto isakmp policy 10
 encr aes 256
 authentication pre-share
crypto isakmp key blahblah address xxx.xxx.xxx.xxx

crypto ipsec transform-set ts1 ah-sha-hmac esp-aes 256

crypto ipsec profile VPN
 set transform-set ts1

interface Tunnel0
 description Courthouse Location
 ip address 172.16.1.6 255.255.255.252
 ip mtu 1300
 ip tcp adjust-mss 1260
 tunnel source Dialer1
 tunnel destination xxx.xxx.xxx.xxx
 tunnel protection ipsec profile VPN

interface Ethernet0
 description Local Subnet
 ip address 192.168.250.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nat inside
 ip tcp adjust-mss 1260
 no cdp enable
 hold-queue 32 in
 hold-queue 100 out

ip route 192.168.2.0 255.255.255.0 Tunnel0

ip access-list extended VPN
 permit ip 192.168.250.0 0.0.0.255 192.168.2.0 0.0.0.255

ip nat inside source list 105 interface Dialer1 overload

access-list 105 deny   ip 192.168.250.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 105 permit ip 192.168.250.0 0.0.0.255 any




The above configuration works perfectly and I don't want to mess with it too
much... my VPN experience is limited and we're doing this as more of a
favour than anything else...

Two questions:

Can I add an IPsec VPN to this configuration and will the 806 support it?
The connection is a 3 Mb/s X 800Kb/s ADSL connection.....

Secondly, I don't want to knock down their existing connections - can
someone point me in the right direction for configuration so that the two
will co-exist?  I'm not so concerned about the IPsec working, it's more of
the GRE tunnel and IPsec conflicting...;)

Thanks for your time,

Paul
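As an added example (not part of the original post), a small check that bears on the co-existence question: on IOS, inside-to-outside NAT runs before IPsec encryption on the egress interface, so any remote subnet reached through a crypto-map VPN on Dialer1 (the overload interface) has to be denied in NAT list 105, exactly as the existing entry for 192.168.2.0/24 is. The script parses a constructed excerpt of the posted NAT lines and reports remote prefixes that would still be translated; 10.20.0.0/24 is an assumed prefix for the new database site.

```python
import ipaddress
import re

# Constructed excerpt of the NAT-related lines from the posted 806 config.
CONFIG = """\
ip nat inside source list 105 interface Dialer1 overload
access-list 105 deny   ip 192.168.250.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 105 permit ip 192.168.250.0 0.0.0.255 any
"""

def wildcard_to_net(addr, wildcard):
    """IOS address + wildcard mask -> IPv4Network (contiguous wildcards only)."""
    mask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.IPv4Network(f"{addr}/{ipaddress.IPv4Address(mask)}", strict=False)

def _target(tokens):
    """Consume one ACL address spec (any | host A | A WILDCARD) from the token list."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(f"{tokens[1]}/32"), tokens[2:]
    return wildcard_to_net(tokens[0], tokens[1]), tokens[2:]

def parse_acl(config, number):
    """Ordered (action, src_net, dst_net) entries of a numbered 'ip' access list."""
    entries = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 4 or t[:2] != ["access-list", number] or t[3] != "ip":
            continue
        src, rest = _target(t[4:])
        dst, _ = _target(rest)
        entries.append((t[2], src, dst))
    return entries

def would_be_translated(acl, local_net, remote_net):
    """First-match ACL evaluation: True means the NAT list permits (translates) the flow."""
    for action, src, dst in acl:
        if local_net.subnet_of(src) and remote_net.subnet_of(dst):
            return action == "permit"
    return False  # implicit deny at the end of the list: traffic is not translated

def nat_gaps(config, local_net, remote_nets):
    """Remote prefixes that the overload NAT list would still translate before IPsec."""
    m = re.search(r"^ip nat inside source list (\d+) ", config, re.M)
    acl = parse_acl(config, m.group(1)) if m else []
    local = ipaddress.IPv4Network(local_net)
    # 10.20.0.0/24 (assumed new-site prefix) shows up here unless a deny line is added.
    return [r for r in remote_nets
            if would_be_translated(acl, local, ipaddress.IPv4Network(r))]
```

Calling `nat_gaps(CONFIG, "192.168.250.0/24", ["192.168.2.0/24", "10.20.0.0/24"])` returns only the assumed new prefix, which is the one that needs its own deny entry ahead of the permit.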
