08-07-2017 04:19 AM - edited 03-05-2019 08:57 AM
Hi
I have 4G internet router with open internet with this I need to connect cisco 887 and 1840 router .I have VPN setup also to communicate with our HO ,Please update any possibility
08-07-2017 01:35 PM
Hello,
what do you want to do, establish a site to site VPN between your 4G router and a Cisco 887 and 1841 ? What type/brand is the 4G router ?
08-07-2017 10:05 PM
yes need to establish the site to site VPN , Dlink-4G Router with SIM Card Data.
with wan port cisco 887 router I m getting the internet but try to dial VPN its not connecting
08-08-2017 12:32 AM
Hello,
which D-Link model do you have ? Most (I don't know if all) models can do IPsec tunnels.
Here is a basic IPsec config for the Cisco:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 1
lifetime 86400
crypto isakmp key ciscotodlink address 192.168.1.2
ip access-list extended VPN_TRAFFIC
permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto map CRYPTO 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set TS
match address VPN_TRAFFIC
interface GiigabitEthernet0/1
crypto map CRYPTO
ip nat inside source list 100 interface GigabitEthernet0/1 overload
access-list 100 deny ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
For the D-Link part, those settings need to match. Here is a config example for the DSR-1000N:
http://files.dlink.com.au/products/DSR-1000N/REV_A/SetupGuides/VPN_-_IPSec_Tunnel_between_D-Link_DSR-series_and_Fortinet_Firewall.pdf
As for configuring the VPN as a backup, you could configure an IP SLA on the Cisco. Post the configuration of the 887, and we can fill in the necessary bits and pieces...
08-08-2017 12:59 AM
Hi,
Dlink 4G Router is DWR-921
First I tried below the configuration internet started working internet
https://i0.wp.com/itadminguide.com/wp-content/uploads/2016/07/cisco-route-887-wan-configuration.jpg?resize=300%2C91 300w, https://i0.wp.com/itadminguide.com/wp-content/uploads/2016/07/cisco-route-887-wan-configuration.jpg?resize=768%2C233 768w">
Same Scenario but its not ADSL router
ip dhcp excluded-address 192.168.200.1 192.168.200.20
ip dhcp pool ROFFICEDHCP
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 8.8.8.8 8.8.4.4
lease 0 2
interface FastEthernet0
description CONNECTED TO WAN
switchport access vlan 100
no ip address
spanning-tree portfast
interface FastEthernet1
switchport access vlan 200
no ip address
spanning-tree portfast
interface FastEthernet2
switchport access vlan 200
no ip address
spanning-tree portfast
interface FastEthernet3
switchport access vlan 200
no ip address
spanning-tree portfast
interface Vlan1
no ip address
shutdown
interface Vlan200
description LAN
ip address 192.168.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan100
description WAN
ip address 192.168.100.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
ip default-gateway 192.168.100.254
ip nat inside source list 100 interface Vlan100 overload
access-list 100 permit ip 192.168.200.0 0.0.0.255 any
ip route 0.0.0.0 0.0.0.0 192.168.100.254
after that I tried to establish the vpn with below the configuration but its not happening internet also not working
ip dhcp excluded-address 192.168.16.101 192.168.16.254
ip dhcp excluded-address 192.168.16.1 192.168.16.20
!
ip dhcp pool Test_pool
import all
network 192.168.16.0 255.255.255.0
default-router 192.168.16.1
dns-server 8.8.8.8 8.8.4.4
lease 0 2
!
!
ip cef
ip name-server 0.0.0.0
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887-SEC-K9 sn FCZ1512C0VB
!
!
!
!
!
crypto ipsec client ezvpn Test
connect auto
group test key ****
mode network-extension
peer 0.0.0.0
xauth userid mode interactive
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
!
interface FastEthernet0
description CONNECTED TO WAN
switchport access vlan 100
spanning-tree portfast
!
!
interface FastEthernet1
switchport access vlan 200
spanning-tree portfast
!
!
interface FastEthernet2
switchport access vlan 200
spanning-tree portfast
!
!
interface FastEthernet3
switchport access vlan 200
spanning-tree portfast
!
!
interface Vlan1
no ip address
shutdown
!
!
interface Vlan100
description WAN
ip address 192.168.100.1 255.255.255.0
ip nat outside
ip virtual-reassembly
!
!
interface Vlan200
description LAN
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1260
duplex auto
speed auto
crypto ipsec client ezvpn Test inside
!
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
crypto ipsec client ezvpn Test
!
!
ip default-gateway 192.168.100.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 100 interface Vlan100 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.254
!
access-list 110 deny ip 192.168.16.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.16.0 0.0.0.255 any
dialer-list 1 protocol ip permit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide