Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
266
Views
0
Helpful
4
Replies

Facing issue with connecting remote Office

jegathish88
Level 1
Level 1

‎08-07-2017 04:19 AM - edited ‎03-05-2019 08:57 AM

Hi

I have 4G internet router with open internet  with this I need to connect   cisco 887 and 1840 router .I have VPN setup also to communicate with our HO ,Please update any possibility

Labels:
0 Helpful
4 Replies 4

Georg Pauwen
VIP
VIP

‎08-07-2017 01:35 PM

Hello,

what do you want to do, establish a site to site VPN between your 4G router and a Cisco 887 and 1841 ? What type/brand is the 4G router ?

0 Helpful

jegathish88
Level 1
Level 1
In response to Georg Pauwen

‎08-07-2017 10:05 PM

yes need to establish the site to site VPN , Dlink-4G Router with SIM Card Data.

with wan port cisco 887 router I m getting  the internet but try to dial VPN its not connecting  

0 Helpful

Georg Pauwen
VIP
VIP
In response to jegathish88

‎08-08-2017 12:32 AM

Hello,

which D-Link model do you have ? Most (I don't know if all) models can do IPsec tunnels.

Here is a basic IPsec config for the Cisco:

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 1
lifetime 86400

crypto isakmp key ciscotodlink address 192.168.1.2

ip access-list extended VPN_TRAFFIC
permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255

crypto ipsec transform-set TS esp-3des esp-md5-hmac

crypto map CRYPTO 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set TS
match address VPN_TRAFFIC

interface GiigabitEthernet0/1
crypto map CRYPTO

ip nat inside source list 100 interface GigabitEthernet0/1 overload
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any

For the D-Link part, those settings need to match. Here is a config example for the DSR-1000N:

http://files.dlink.com.au/products/DSR-1000N/REV_A/SetupGuides/VPN_-_IPSec_Tunnel_between_D-Link_DSR-series_and_Fortinet_Firewall.pdf

As for configuring the VPN as a backup, you could configure an IP SLA on the Cisco. Post the configuration of the 887, and we can fill in the necessary bits and pieces...

0 Helpful

jegathish88
Level 1
Level 1
In response to Georg Pauwen

‎08-08-2017 12:59 AM

Hi,

Dlink 4G Router is DWR-921

First I tried below the configuration internet started working internet

cisco-route-887-wan-configurationhttps://i0.wp.com/itadminguide.com/wp-content/uploads/2016/07/cisco-route-887-wan-configuration.jpg?resize=300%2C91 300w, https://i0.wp.com/itadminguide.com/wp-content/uploads/2016/07/cisco-route-887-wan-configuration.jpg?resize=768%2C233 768w">

Same Scenario but its not ADSL router  

ip dhcp excluded-address 192.168.200.1 192.168.200.20

ip dhcp pool ROFFICEDHCP
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 8.8.8.8 8.8.4.4
lease 0 2

interface FastEthernet0
description CONNECTED TO WAN
switchport access vlan 100
no ip address
spanning-tree portfast

interface FastEthernet1
switchport access vlan 200
no ip address
spanning-tree portfast

interface FastEthernet2
switchport access vlan 200
no ip address
spanning-tree portfast

interface FastEthernet3
switchport access vlan 200
no ip address
spanning-tree portfast

interface Vlan1
no ip address
shutdown

interface Vlan200
description LAN
ip address 192.168.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

interface Vlan100
description WAN
ip address 192.168.100.1 255.255.255.0
ip nat outside
ip virtual-reassembly in

ip default-gateway 192.168.100.254

ip nat inside source list 100 interface Vlan100 overload
access-list 100 permit ip 192.168.200.0 0.0.0.255 any

ip route 0.0.0.0 0.0.0.0 192.168.100.254

after that I tried to establish the vpn with below the configuration but its not happening internet also not working

ip dhcp excluded-address 192.168.16.101 192.168.16.254
ip dhcp excluded-address 192.168.16.1 192.168.16.20
!
ip dhcp pool Test_pool
import all
   network 192.168.16.0 255.255.255.0
   default-router 192.168.16.1
  dns-server 8.8.8.8 8.8.4.4
   lease 0 2
!
!
ip cef
ip name-server 0.0.0.0
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn FCZ1512C0VB
!
!
!
!
!
crypto ipsec client ezvpn Test
 connect auto
 group test key ****
 mode network-extension
 peer 0.0.0.0
 xauth userid mode interactive
!

!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 !
!
interface FastEthernet0
 description CONNECTED TO WAN
 switchport access vlan 100
 spanning-tree portfast
 !
!
interface FastEthernet1
 switchport access vlan 200
 spanning-tree portfast
 !
!
interface FastEthernet2
 switchport access vlan 200
 spanning-tree portfast
 !
!
interface FastEthernet3
 switchport access vlan 200
 spanning-tree portfast
 !
!
interface Vlan1
 no ip address
 shutdown
 !
!
interface Vlan100
 description WAN
 ip address 192.168.100.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly

 !
!
interface Vlan200
 description LAN
 ip address 192.168.16.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
ip tcp adjust-mss 1260
 duplex auto
 speed auto
 crypto ipsec client ezvpn Test inside
!
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 crypto ipsec client ezvpn Test


 !
!
ip default-gateway 192.168.100.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 100 interface Vlan100 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.254
!
access-list 110 deny   ip 192.168.16.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.16.0 0.0.0.255 any
dialer-list 1 protocol ip permit

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card