Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
0
Helpful
3
Replies

easyvpn server and easyvpn client

ositechnologies
Level 1
Level 1

‎07-01-2004 12:05 AM

Is it possible for 837 K9 bundle vpn router to act as easyvpn server as well as easyvpn client both applied to the same interface

Labels:
0 Helpful
3 Replies 3

wisfaque
Level 1
Level 1

‎07-07-2004 01:42 AM

Hi there

it is currentnly not possible to have the 831 as a EZVPN client and also as a EZVPN server.

I belive you have a DHCP assigned IP address because of which you might be using EZVPN.

But you can use a dynamic crypto ma which will aloow you to have a lan to lan tunnel to the mail site and also allow you to have the router act as a VPN server. This feature is possible using "isakmp profiles" which was introduces in 12.2.15T.

The link to help you with this is:

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml

Hope this helps

Thanks

Wakif

0 Helpful

ositechnologies
Level 1
Level 1
In response to wisfaque

‎07-07-2004 02:48 AM

Thanks for your reply Mr.Wakif,

Let me clear my requirement,

I have a PIX at central site behind a 677(ADSL) router (Dynamic IP),

I have 2 branch office with cisco 837 adsl with dynamic IP.

Iam using My own Dynamic dns service,

Presently from both the branch office iam connecting to central site PIX using ezvpn client feature by setting the peer as domain name.

Now the requirement is one of the branch office 837K9 should act as easy vpn server,

As you have replied in your email by creating a dynamic crypto map and using isakmp profiles i can have lan to lan tunnel , Is it possible to connect to the PIX , how will i create tunnel interface in PIX,without creating tunnel interface can i achieve my requirement.

Thanks

Ganesan

0 Helpful

wisfaque
Level 1
Level 1
In response to ositechnologies

‎07-09-2004 04:00 AM

Hello Ganesan

From your notes I could understand that you have a PIX at the central site and also 2 remote vrenach site with 837 routers which also have dynamic IPs.

If your PIX and also the concerned 837 router both have dynamic IPs, the dynamic Lan to Lan will not be possible. One of the sites has to have a static IP address.

Also for EZVPN there is no tunnel interface involved in the configuration. If you are passing unicast traffic it would work without the tunnel interfaces (which are generally used for GRE).

If one of the sites have a static IP. Say in our case the PIX. We need not make any change to the pix. The pix will have a dynamic crypto map only. The other peer the 837 will point to the PIXs static IP.

Again for the 837 to work as a server for other clients you would have to use isakmp profiles which will allow the 837 to distinguish between the pix and the other users.

I am sending you a few links. I am sure going through them will give you a much clearer picture.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2308/products_configuration_example09186a0080094680.shtml

Here pix is with a dynamic crypto map.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008993c.html

It has all the details about IPSEC on PIX

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a0080094a87.shtml

This describes your scenario.

Also the config on thr router would change a bit, if ot has to act as a server also. This is explained in the isakmp profiles link I had sent you earlier.

Hope this helps

Thanks

0 Helpful
Customers Also Viewed These Support Documents