12-10-2008 12:31 PM - edited 03-04-2019 12:39 AM
Hi,
I have a pretty new 520 series router. It has a pretty simple desired configuration. For now, I would be happy if it could give an internal DHCP range of 192.168.3.0, and connect to the WAN via DHCP. I had it working when it was giving out an internal range of 192.168.75.0 (factory standard) last night, but when I switched to 3 it no longer gets past the gateway. Can someone tell me if I have errors in my attached config? It would be VERY much appreciated.
Solved! Go to Solution.
12-10-2008 04:27 PM
Yes, other than the ACL for NAT Traffic, I dont see anything that will block the 3.x from going to the internet.
Regards,
Arul
*Pls rate if it helps*
12-10-2008 12:43 PM
Hi,
Your NAT ACL needs to be updated with the correct subnet.
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.75.0 0.0.0.255
Change the above configuration to:
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.3.0 0.0.0.255
Regards,
Arul
*Pls rate if it helps*
12-10-2008 12:51 PM
Excellent. Wow so dumb of me. I'll let you know if that works. That's all you see?
12-10-2008 04:27 PM
Yes, other than the ACL for NAT Traffic, I dont see anything that will block the 3.x from going to the internet.
Regards,
Arul
*Pls rate if it helps*
12-13-2008 05:25 PM
Worked great. Now I just need to set up a static VPN. I wonder if this device is capable of acting as a static VPN endpoint.
12-15-2008 07:57 PM
Thanks for the update! Glad to be of help. Yes, you should be able to configure VPN Tunnel on the UC520. What type of static VPN Tunnel are you planning to configure. Is this going to be a Lan to Lan (L2L) tunnel between the UC520 to another VPN Device or is this going to be in EzVPN Connection. Also, you need to make sure that you are running a Crypto image to support IPSEC. Below are few examples that might help in configuring the tunnel.
Router to Pix.
Regards,
Arul
*Pls rate if it helps*
12-16-2008 11:42 AM
I'm actually giving the SR520 you just helped me with a static IP to replace a Linksys in one of my sub offices.
The linksys already has a VPN connection to an ASA 5505 in the central location. The IP of the central location with the ASA 5505 is xx.60.101.154. The IP of the sub office where this new SR 520 is going as an endpoint is xx.8.140.226. So since the sub office already had a Linksys, the tunnel is already set up on the central ASA 5505. I set up the VPN on the new SR 520 for the remote site using the Cisco Configuration Assistant, but it had very few options. I got the attached "remote site config" as a result. It doesn't connect to the central site (the attached "central location config") as it is. The central site gives the attached errors. I am looking this over right now and see that it's going to be some programming to get them to connect to eachother. I'll try to figure it out but if you have any suggestions that would be great.
12-16-2008 11:52 AM
Chris,
Based on your description and configuration, I think the problem lies with the Headend ASA configured for a Lan to Lan tunnel with peer address xxx.8.140.226 and then you are using the same address on the UC520 which is configured as a EzVPN Client. Do you know if you want to configure the UC520 as a EzVPN Client or L2L connection. Depending upon this, we may have to change the configuration either on the Headend ASA or UC520.
Regards,
Arul
*Pls rate if it helps*
12-16-2008 12:02 PM
The UC520 would be better as a L2L connection. It's just that when you run through the VPN setup on Cisco Configuration Assistant, it sets it up the way it is in the posted config. I'll have to use command line to set it up as a L2L, but that's what I have to do I guess. If you know how to do that or have any ideas that would be great.
12-16-2008 12:14 PM
Chris,
Below is the link on how to configure a L2L Connection between a Router and Pix/ASA.
The above configuration example matches exactly what you are trying to do. Also, take note of the section where you have to bypass NAT for the IPSEC Traffic. Reconfigure the UC520 and try to bring up the tunnel and let me know if it works.
Regards,
Arul
*Pls rate if it helps*
12-16-2008 12:22 PM
Okay I will try this out and let you know how it goes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide