Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1229
Views
0
Helpful
3
Replies

1841 as Remote Access VPN concentrator with manual Keying

Go to solution
amaury.dailliez
Level 1
Level 1

‎01-04-2011 09:57 AM - edited ‎02-21-2020 05:03 PM

Hi there and Happy new year 2011 with best wishes !

I would like to use a 1841 router as VPN concentrator for up to 20 remote access connections.

My remote (third party) clients have IPsec capability with both IKE and Manual Keying support, but i didn't found any informations about simple Cisco remote access VPN configuration (only about Easy VPN server).

I would like to set Manual Keying VPN server (i think it's an easy way to start), is there any issue to do it ?

files :

- topology

- third party Ethernet/3G router IPsec GUI with auth algorithm choice

- third party Ethernet/3G router IPsec GUI with encryption algorithm choice

I will feel so better that someone helps me !

Regards,

Amaury

Labels:
Preview file
43 KB
Preview file
24 KB
Preview file
40 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to amaury.dailliez

‎01-05-2011 01:52 AM

As the remote end is third party routers, the only option you have will be LAN-to-LAN IPSec VPN. You can't run Easy VPN as that is only supported on Cisco devices.

If your remote end has static outside ip address that terminates the VPN, then you can configure static LAN-to-LAN crypto map on the 1841 router, however, if your remote end has dynamic outside ip address, then you would need to configure dynamic LAN-to-LAN crypto map on the 1841 router. All remote LAN subnets need to be unique.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎01-04-2011 10:07 PM

To start with, I wouldn't use the manual keying as that is the complicated way and you would need to manually configure the key. I would use the automatic pre-share key method.

Are you trying to configure dynamic LAN-to-LAN VPN tunnel from the remote sites? or Easy VPN? Easy VPN client is only supported on Cisco devices, not on third party devices.

0 Helpful

Go to solution
amaury.dailliez
Level 1
Level 1
In response to Jennifer Halim

‎01-05-2011 01:47 AM

Hi Jennifer

Thanks for your answer.. now i'm sure that pre-shared key is the easiest way.

I don't know if it's better to configure L2L or Remote Access for this topology... My third party 3G routers can be configured as bridge, NAT router or with DMZ. As we know, Easy VPN is only supported on Cisco platforms so i must do a "standard" IPsec implementation.

I'm trying to extract few informations from this book of Richard Deal (The Complete Cisco VPN Configuration Guide) but i'm confused cause dominating subject seems to be Easy VPN (no concrete example with standard implementation). As i said in earlier topic, i have not worked on Cisco platforms for 10 years, so it's difficult to remember everything

Cheers

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to amaury.dailliez

‎01-05-2011 01:52 AM

As the remote end is third party routers, the only option you have will be LAN-to-LAN IPSec VPN. You can't run Easy VPN as that is only supported on Cisco devices.

If your remote end has static outside ip address that terminates the VPN, then you can configure static LAN-to-LAN crypto map on the 1841 router, however, if your remote end has dynamic outside ip address, then you would need to configure dynamic LAN-to-LAN crypto map on the 1841 router. All remote LAN subnets need to be unique.

0 Helpful
Customers Also Viewed These Support Documents