03-20-2010 12:37 PM - edited 03-04-2019 07:52 AM
Hello, I have a 871 router and I am looking to create a second VLan that will not have firewall protection and be separate from the main VLan. The purpose of this is to have laptops connect to this vlan and let tem VPN into other sites. If anyone can give me insight or send me to page that has the configuration that would be great.
Thank you all in advance.
03-21-2010 12:57 AM
Hi,
This thread may help for a sample VPN configuration.
https://supportforums.cisco.com/docs/DOC-6215;jsessionid=31A7B6E1A5F31FB97749915C9F808EBD.node0
A few examples of configuring VPN can also be found here. It depends on the client you are using and if GRE is configured as to the option you choose.
http://www.cisco.com/en/US/products/hw/routers/ps380/prod_configuration_examples_list.html
It may not be a good idea to leave certain parts of your network unprotected by a firewall. These holes can be easily exploited by hackers.
03-21-2010 04:21 AM
I am not too sure if that will work. Here is what is happening. I am behind a C871
and I am trying to connect to another network with the Cisco VPN client to a PIX 515e, I can connect ok pit I am unable to ping any hosts on the other side. When I turn off the fire wall then connect to the other network I can ping and see all the hosts.
Hope this help give you an insight as to why I am looking to do another VLan.
03-21-2010 04:40 AM
It seems the ios fw / CBAC is blocking some traffic.
You need to configure inspect the particular protocol (icmp, TCP, etc)
and also allow the traffic in the interface ACL for the Cisco client vpn to work.
If you can post the sanitized config of the 871 then it would give a better idea.
03-21-2010 04:53 AM
03-21-2010 11:19 PM
interface f?
switchport mode access
switchport access vlan ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide