
Supported VPN routers

eugroshev
Level 1

Hello everybody,

We plan to start using Sandbox Collaboration labs shortly and are now choosing a VPN router for connecting our devices.

This page (https://developer.cisco.com/site/devnet/sandbox/available-labs/comm-collab) refers to that page (https://developer.cisco.com/site/devnet/sandbox/index.gsp#connection) for information about supported VPN routers but there is no information. The FAQs page (https://developer.cisco.com/site/devnet/sandbox/documents/faqs) does not provide specific details either.

I wonder if the router should support any specific features besides being capable of establishing IPSec-based site-to-site tunnels.
One particular model we’re considering is Cisco 881 Ethernet Security.

And this is a bit off-topic, but does anyone know if 800 Series routers support concurrent VPN connections? We would like to maintain VPN connections to sandboxes from other companies too.

Thanks!


7 Replies 7

jacoadam
Level 5

Hello Eugene!

Thanks for your question! Thanks for bringing the pages to our attention! We can now update them with the proper information for future users! At this point in time, we currently support 800 series routers in the sandbox using an EZvpn tunnel.

We have a loaner program to allow users to connect HW routers to the sandbox lab. Through this program, we will loan you a Cisco 881w router. We will send it with a configuration pre-built out to allow you to connect to the labs, at the time of reservation you will just need to input VPN address and credentials supplied by email. If you are interested in this program, please let us know and we will contact you directly!

As for your final question, I believe the 881w only supports one VPN connection at a time. Since I can't give you a definitive answer to that question, I will try to find someone who can answer that question for you.

Please let us know if you have any additional questions!

Thanks!

Jacob

Hello Jacob, and thank you for being helpful. I feel welcome at this forum.

Right now we are planning to go with our own router, but out of curiosity: how long would delivery of a loan router take (we are in Sweden)? Also, what are the costs?

My only other question is if anyone knows which of the 800 Series models supports 2 or more concurrent site-to-site tunnels.

That is great to hear, Eugene!

For a loaner router, it is free for us to loan it out to you. The only cost is the shipping charges to return the router back to our Cisco office! Delivery to Sweden normally wouldn't take longer than 5 days.

As for multiple tunnels, there are a few options you can go with. I have to connect to two VPNs all of the time and I think the best way to do it is to use a Software and a Hardware VPN. For example, your PC would be connected directly through the 881 which would have a tunnel to network A. With a split tunnel, only traffic intended for Network would be routed through the HW tunnel. Then, to connect to Network B, you would use a software VPN with AnyConnect or another VPN client. Traffic intended for Network B would be packetized and tunneled to Network B. Even if the Network B Traffic was routed down Tunnel A, it would still make it to its final destination. This solution is simple and works without too much overhead; I use it every day!

[Edit: Removed information about Dual Tunnels as it is not supported by EzVPN.]

On a different note, I saw this documentation which states that the 881w can support up to 20 IPsec tunnels, and this is referring to the number of SW VPN tunnels that the router will support, as documented here:

https://supportforums.cisco.com/discussion/11708201/cisco-881-maximum-number-vpn-tunnels-allowed

Please let me know if you have any other questions, and if this has answered your questions!

Thanks!

Jacob

Hi,

Just to add to remarks, EzVPN does support dual tunnels. Virtual interfaces need to be used in that case.

Joe

jawicks
Cisco Employee

On the c8xx you should be able to build multiple IPSec tunnels using something like the snippet of config below. The ACL defined within each crypto-map clause will decide which of the IPSec peers to forward the packet towards. In the example below anything from the local 192.168.243.0/24 subnet destined for 10.1.1.0/24 will be sent to crypto-peer 2.2.2.2, but if it is destined to 10.2.2.0/24 then it will be sent to peer 3.3.3.3.

    crypto map CPE-Crypto-Map 1 ipsec-isakmp
     set peer 2.2.2.2
     set transform-set Pompey
     match address 101
    crypto map CPE-Crypto-Map 10 ipsec-isakmp
     set peer 3.3.3.3
     set transform-set Pompey
     match address 102
    ! snip......
    access-list 101 permit ip 192.168.243.0 0.0.0.255 10.1.1.0 0.0.0.255
    access-list 102 permit ip 192.168.243.0 0.0.0.255 10.2.2.0 0.0.0.255
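
Added example, not part of the original thread and not Cisco code: a small Python check that applies the peer-selection rule described in the post above (crypto map entries tried in sequence order, each matched against its ACL using IOS wildcard masks) to a constructed copy of that config. The function names are hypothetical, and only `permit ip <net> <wildcard> <net> <wildcard>` ACL lines are handled.

```python
import ipaddress
import re

# Constructed sample config, modelled on the snippet in the post above.
CONFIG = """\
crypto map CPE-Crypto-Map 1 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set Pompey
 match address 101
crypto map CPE-Crypto-Map 10 ipsec-isakmp
 set peer 3.3.3.3
 set transform-set Pompey
 match address 102
access-list 101 permit ip 192.168.243.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 102 permit ip 192.168.243.0 0.0.0.255 10.2.2.0 0.0.0.255
"""

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse(config):
    """Return (entries sorted by sequence number, {acl_id: [permit rules]})."""
    entries, acls, current = [], {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"crypto map \S+ (\d+) ipsec-isakmp$", line):
            current = {"seq": int(m.group(1))}
            entries.append(current)
        elif (m := re.match(r"set peer (\S+)$", line)) and current is not None:
            current["peer"] = m.group(1)
        elif (m := re.match(r"match address (\d+)$", line)) and current is not None:
            current["acl"] = m.group(1)
        elif m := re.match(r"access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)$", line):
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
    return sorted(entries, key=lambda e: e["seq"]), acls

def select_peer(config, src, dst):
    """Peer of the lowest-sequence entry whose ACL permits src->dst, else None."""
    entries, acls = parse(config)
    for e in entries:
        for s, sw, d, dw in acls.get(e.get("acl"), []):
            if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
                return e.get("peer")
    return None
```

A `None` result means no crypto ACL matched, so the packet would leave the interface without IPsec protection; it is worth running this against every destination subnet you expect to be tunnelled before relying on the config.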

Could you please provide a startup-config file for C891? I own the router with POE module.

eugroshev
Level 1

Thanks jokearns and jawicks. Your replies were very helpful.

jacoadam, thanks for the posted example.

I think I have a basic grip of configuring Easy VPN and I will try connecting to sandbox soon.
