Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6741
Views
0
Helpful
11
Replies

VPN on SR520

eljakimit
Level 1
Level 1

‎03-04-2009 06:56 AM

Hi there,

I miss a bit of documentation for the SR520. We could not configure our internet connection through the CCA so we did so through the IOS CLI. But now the CCA keeps crashing when we look at the SR520.

What is the smartest CLI way to setup to SR520 to accept incoming VPN connections where we just keep the user database on the Cisco?

I am also submitting our config file in case that would help. (we wiped out the passwords)

Eljakim

Labels:
Preview file
8 KB
0 Helpful
11 Replies 11

eljakimit
Level 1
Level 1

‎03-06-2009 02:22 AM

Since asking the question we've come up with the following configuration [found on various other internet locations]. But it's still not working. Next thing is probably the firewall rules

Is there anybody that can help out a bit, or at least say if we're going in the right direction?

vpdn enable

!

vpdn-group meentweg_vpn

! Default PPTP VPDN group

accept-dialin

  protocol pptp

  virtual-template 1

!

!

!   

interface Virtual-Template1

ip unnumbered Dialer0

peer default ip address pool inside

ppp encrypt mppe auto required

ppp authentication ms-chap ms-chap-v2

!





0 Helpful

Marcos Hernandez
Level 8
Level 8
In response to eljakimit

‎03-06-2009 08:17 AM

Hi Eljakim,

I have sent this question to the SR520 Technical Marketing Engineer and the CCA team.

Thanks,

Marcos

0 Helpful

Steven DiStefano
VIP Alumni
VIP Alumni
In response to eljakimit

‎03-09-2009 08:31 AM

Hi.  I was sad when I read the initial post, so I tried this myself.

Using a SR520 with the latest IOS (12.4(20)T2) and latest default configuration file (available in CCA 1.9.1 program files directory, I used CCA 1.9.1 to configure it after factory reset and it worked as a remote teleworked after assigning it an IP, Setting the Remote VPN to point to the host UC500 running SBCS 1.4 over the WAN, and establishing FE4 as an outside interface, and not too much more....

Can you try this?

0 Helpful

Marcos Hernandez
Level 8
Level 8
In response to Steven DiStefano

‎03-09-2009 08:54 AM

The problem Eljakin is having is that the WAN configuration screens on CCA do not expose all the paramaters that are needed to provision this ADSL connection in Holland.

I have sent thsi to the CCA Marketing team and this will likely become a feature enhancement.

Thanks,

Marcos

0 Helpful

Steven DiStefano
VIP Alumni
VIP Alumni
In response to Marcos Hernandez

‎03-09-2009 08:58 AM

OK, Thanks.

My comments apply to the US in that case :-)

0 Helpful

eljakimit
Level 1
Level 1

‎03-10-2009 05:52 AM

But my original question is still unanswered...

Any takers, or is the SR520 still too new to get support on?

0 Helpful

Marcos Hernandez
Level 8
Level 8
In response to eljakimit

‎03-10-2009 07:11 AM

Eljakim,

Did you open the TAC case? If so, please send me the number.

Thanks,

Marcos

0 Helpful

addis
Level 1
Level 1

‎03-10-2009 02:20 PM

This configuration challenge is not an SR520 specific problem, but rather a challenge that exist in IOS itself.

Opening a TAC case is the prudent course of action at this point.

However, before doing so, please confirm that the SR520 hardware is compatible with the DSL hardware interactions you are hoping to achieve.  If the equipment in question is not on the compatibility list then no configuration changes are likely to address this issue.

http://www.cisco.com/en/US/prod/collateral/routers/ps9305/data_sheet_c78-484356.html

0 Helpful

eljakimit
Level 1
Level 1
In response to addis

‎03-11-2009 01:11 AM

Hi Addis,

accepting incoming VPN connections is on the list that you placed a link for. (It was actually one of our requirements). Someone else has also answered already that from the CCA it can be done.

We are stuck with IOS because the CCA does not support the DSL configuration used here, but that has been picked up by Marcos.

I'll open a TAC case for this issue as well.

Eljakim

0 Helpful

eljakimit
Level 1
Level 1

‎07-13-2009 12:06 PM

For interested people the bits and pieces from the IOS that were used

to configure this.

I hope some at Cisco listens at decides to makes setting up the PPTP

server endpoint and option in the CCA.

aaa authentication ppp default local

ip dhcp excluded-address 192.168.75.224 192.168.75.240


vpdn-group 1

! Default PPTP VPDN group

accept-dialin

  protocol pptp

  virtual-template 1


interface Virtual-Template1

ip unnumbered Dialer0

ip nat inside

ip virtual-reassembly

zone-member security in-zone

peer default ip address pool PPTP_POOL

no keepalive

ppp encrypt mppe auto

ppp authentication pap chap ms-chap

!

ip local pool PPTP_POOL 192.168.75.224 192.168.75.240

0 Helpful

Marcos Hernandez
Level 8
Level 8
In response to eljakimit

‎07-14-2009 08:07 AM

Thanks for sharing.


Marcos

0 Helpful
Customers Also Viewed These Support Documents