09-02-2005 02:51 AM
Hello all!
Does anybody know if it's possible to set up a VPN between a Cisco 837 router and a VPN client 4.04 (or 3.0)? We have many roaming users who need to connect to our main site from the internet; our main site is connected to the internet through an 837.
Thanks in advance for your help
olivier
09-04-2005 10:55 AM
Hi Oliver,
It should be possible to configure an 837 as an Easy VPN Server. See the following links for more info:
http://www.cisco.com/en/US/products/hw/routers/ps380/products_data_sheet09186a008010e5c5.html
http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html
hth
Mark
09-04-2005 04:25 PM
Below is a "cut-down" version of a config, which should serve as an example to follow. Feel free to post your existing config and we will help you to modify it.
username cisco password 7 xxxxxxxx
aaa new-model
aaa authentication login vpnauthen local
aaa authorization network vpnauthor local
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group vpngroup
 key xxxxxxxx
 pool vpnpool
 acl 130
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set transform-set vpnset
crypto map vpnmap client authentication list vpnauthen
crypto map vpnmap isakmp authorization list vpnauthor
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
interface Ethernet0
 ip address 172.16.8.1 255.255.255.0
 ip nat inside
interface Dialer0
 ip nat outside
 crypto map vpnmap
ip local pool vpnpool 10.12.12.1 10.12.12.10
ip nat inside source route-map nonat interface Dialer0 overload
access-list 101 deny ip 172.16.8.0 0.0.0.255 10.12.12.0 0.0.0.255
access-list 101 permit ip 172.16.8.0 0.0.0.255 any
access-list 130 permit ip 172.16.8.0 0.0.0.255 10.12.12.0 0.0.0.255
route-map nonat permit 10
 match ip address 101
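Added example (not part of the original thread and not written by any poster): a small Python check that every name an Easy VPN server config like the one above references (address pool, split-tunnel ACL, transform-set, dynamic map, AAA lists, crypto map) is actually defined somewhere in the config. The sample config is constructed from the post above; `dangling_refs` and the `CHECKS` table are this example's own names, and it assumes sub-commands keep their leading-space indentation and that ACLs are numbered.

```python
import re

# Constructed sample, modelled on the config in the post above (not a real device).
SAMPLE = """\
aaa new-model
aaa authentication login vpnauthen local
aaa authorization network vpnauthor local
crypto isakmp client configuration group vpngroup
 key xxxxxxxx
 pool vpnpool
 acl 130
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set transform-set vpnset
crypto map vpnmap client authentication list vpnauthen
crypto map vpnmap isakmp authorization list vpnauthor
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
interface Dialer0
 crypto map vpnmap
ip local pool vpnpool 10.12.12.1 10.12.12.10
access-list 130 permit ip 172.16.8.0 0.0.0.255 10.12.12.0 0.0.0.255
"""

# (kind, regex capturing a referenced name, regex template for its definition)
CHECKS = [
    ("address pool", r"^ pool (\S+)", r"^ip local pool {}\s"),
    ("split-tunnel ACL", r"^ acl (\S+)", r"^access-list {}\s"),
    ("transform-set", r"^ set transform-set (\S+)", r"^crypto ipsec transform-set {}\s"),
    ("dynamic map", r"ipsec-isakmp dynamic (\S+)", r"^crypto dynamic-map {}\s"),
    ("AAA login list", r"client authentication list (\S+)", r"^aaa authentication login {}\s"),
    ("AAA network list", r"isakmp authorization list (\S+)", r"^aaa authorization network {}\s"),
    ("crypto map", r"^ crypto map (\S+)", r"^crypto map {}\s"),
]

def dangling_refs(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    missing = set()
    for kind, ref_re, def_tmpl in CHECKS:
        for name in re.findall(ref_re, config, re.M):
            if not re.search(def_tmpl.format(re.escape(name)), config, re.M):
                missing.add((kind, name))
    return sorted(missing)

if __name__ == "__main__":
    print(dangling_refs(SAMPLE))  # complete config: nothing dangling
    broken = SAMPLE.replace("ip local pool vpnpool", "ip local pool vpn-pool")
    print(dangling_refs(broken))  # pool name typo is reported
```

A clean result only means the names line up; it says nothing about whether the IOS release supports the feature or whether the policy values are appropriate.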
09-06-2005 12:44 AM
Many thanks for your example, it will help me.
I am going to include your example in my present configuration.
This router is also used to connect our site to another office (a VPN from the 837 router to a PIX 506).
I'll keep you posted.
Olivier
09-18-2005 09:40 PM
just wondering how you go
09-23-2005 08:33 AM
Same here, I would like to know if you were able to get both the site to site vpn tunnel and vpn clients to connect to the same router at the same time.
Juan
09-25-2005 10:28 PM
Hi Juan,
I built the configuration (VPN client + VPN tunnel). I will test it next week and I'll keep you informed if it works!
olivier
09-26-2005 12:00 AM
Hi, I did the same thing with a 2651XM. It already has a site-to-site VPN and I need to get the VPN client working. I have checked with many configs, Easy VPN server, etc.
It always fails with this message:
CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer
This is my config (only VPN client):
crypto isakmp client configuration group opsnetvpngroup
 key cisco1232
 pool vpnpool
 acl 150
crypto ipsec transform-set opsnet-vpnset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 900
 set transform-set opsnet-vpnset
crypto map OPSNETMAP client authentication list vpnauthen
crypto map OPSNETMAP client configuration address respond
crypto map OPSNETMAP 900 ipsec-isakmp dynamic dynmap
ip local pool vpnpool 172.31.18.241 172.31.18.246
access-list 150 permit ip 172.31.18.240 0.0.0.7 any
Any help will be appreciated
09-26-2005 11:54 PM
Hi, I got a valuable tip from Cisco TAC about my deferred version.
This time I used a 2821 as my Easy VPN server; after upgrading to 12.3(8)T8 I have my site-to-site VPN and VPN client on one single router.
I used SDM to create the Easy VPN server; it's easy and simple.