Solved: Re: Easy VPN remote configuration

husseinmuneer · ‎06-14-2011

Dear Sir,

I have cisco router 837 in the main office for a company and it's working as VPN server, the branches access to the main office using cisco VPN client application (based on windows).

We want to connect a branch using cisco router 837 (Easy VPN remote) instead of cisco VPN client application because this branch has 6 PC so we need the cisco 837 to aggregate them then connect them to the main office.

We are using dynamic DNS in the main office.

Is it possible to make a configuration in the main router for both cisco VPN client application which working in the samll branches and in the same time for Easy VPN remote (router 837) ? the network will be as the attached image.

Regards

pablo.nxh · ‎06-16-2011

Hello Hussein,

You won't be modifying the configuration on your Main router but on your Remote 837 instead.

You'll be configuring your remote router as an EzVPN remote user, please take a look at this example.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080808395.shtml

HTH

__ __

Pablo

View solution in original post

Latchum Naidu · ‎07-04-2011

Hi,

You must need to configure user and password in the server and the same need to configure at client end.

Please see the below link for clear easy vpn configuration:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftunity.html#wp1048865

HTH

Please click on the correct answer if this answered your question.

Regards,

View solution in original post

pablo.nxh · ‎06-16-2011

Hello Hussein,

You won't be modifying the configuration on your Main router but on your Remote 837 instead.

You'll be configuring your remote router as an EzVPN remote user, please take a look at this example.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080808395.shtml

HTH

__ __

Pablo

husseinmuneer · ‎06-25-2011

Thanks Pablo,

I did the configuration as mentioned in cisco website but from the debug the router asked me for Xauth username and password so what does he mean?

1- Does he mean we should create username and password in the main router (EZVPN Server) or he needs the username and password which we put for telnet purpose in the main router?

2- I entered the following command but he did't ask me for username and password !!:

837W#crypto ipsec client ezvpn xauth

I read in some discussins that problem is IOS bugs and I should replace the IOS so I have the attached IOSs what kind is supposed to work goods?

Regards

Latchum Naidu · ‎07-04-2011

Hi,

You must need to configure user and password in the server and the same need to configure at client end.

Please see the below link for clear easy vpn configuration:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftunity.html#wp1048865

HTH

Please click on the correct answer if this answered your question.

Regards,

husseinmuneer · ‎07-05-2011

I already solve the problem.

The problrm was that I was enterning the command in the configuration mode while I should write it after the globle mode.

The problem now that tunnel is ok (up) but there is no ping between the internal LANs ( networks behind the VPN server and Remote VPN router).

Regards

Latchum Naidu · ‎07-06-2011

Hi,

Yeah... I have also faced the same problem (tunnel is up but no traffic pass on)

Make sure the NAT part and accesslist part at client end and Server end is ok. It must be like below which I have at one of my easy vpn client ASA.

access-list inside_access_in extended permit ip any any
access-list inside_access_out extended permit udp any host 10.28.0.0 object-group DM_INLINE_UDP_2

global (outside) 1 interface
nat (inside) 1 10.50.50.0 255.255.255.0
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside

HTH
Please click on the correct answer if this answered your question.
Regards,
Naidu.