09-06-2011 12:47 PM
Hi
is it possible to connect cisco router using ezvpn to windows 2008r2 server?
i spend a lot of time and got no success.
i'm trying to connect cisco 881g using ezvpn to windows vpn server (RRAS) usign pre-shared key.
or i should try to connect in any differ way ? (for e.g. using vpdn on router)
pls refer me to some docs if it possible... coz i begin to doubt
thanks in advance
Solved! Go to Solution.
09-08-2011 02:09 AM
ok, for LAN-to-LAN IPSec tunnel, here is a sample config on cisco router:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml
Just have to make sure that Windows 2008 server supports ipsec lan-to-lan tunnel as well as NAT-T if the VPN traffic will be passing through NAT device.
09-07-2011 04:27 AM
No, ezvpn can only be configured between Cisco devices, not with a third party device.
09-08-2011 01:41 AM
thank you a lot for reply.
so in my situation (connect cisco to win2008 rras vpn) the olny one way -it's to use cisco router as l2tp\ipsec client, right ?
and it's possible only with using certificate auth method..?
09-08-2011 01:49 AM
are you trying to configure lan-to-lan vpn tunnel between your windows 2008 server, or just vpn client from windows 2008 to cisco vpn server?
if it's vpn client from windows 2008 server, then yes, L2TP over IPSec will work, and you can use pre-shared key as the authentication. Don't have to use certificate if you don't want to.
09-08-2011 02:01 AM
lan-to-lan is also good idea . but cisco router in behind the NAT. so i'm not sure that lan-to-lan is possible. (exactly i do not know . is it possible?)
exactly i need vpn from cisco to windows 2008 . i need to pass all traffic through win2008 gateway. is it possible?
i tryed to deploy conf like that:
pseudowire-class pw-class-1
encapsulation l2tpv2
protocol l2tpv2
ip local interface FastEthernet4
interface Virtual-PPP1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
no ip virtual-reassembly
no cdp enable
ppp authentication chap callin
ppp chap hostname *******
ppp chap password 0 ******
ppp ipcp route default
pseudowire
1 encapsulation l2tpv2 pw-class pw-class-1 !
bt no success.. on win 2008 side i can see (with MS NET MON) that some packets come from cisco. but vpn connection was not established.
09-08-2011 02:09 AM
ok, for LAN-to-LAN IPSec tunnel, here is a sample config on cisco router:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml
Just have to make sure that Windows 2008 server supports ipsec lan-to-lan tunnel as well as NAT-T if the VPN traffic will be passing through NAT device.
09-08-2011 02:17 AM
thank you !
i'll try to implement this solution today after business hours.
also the last question :
after i config lan-to-lan vpn - will it be possible to make windows server as default gateway for cisco clients subnet? ( i mean will it be work after i set it as gateway?)
09-08-2011 04:37 AM
Once you have configured the lan-to-lan VPN tunnel between windows server and cisco router, basically you would configure traffic between the windows server LAN and cisco router LAN as the interesting traffic, and only those traffic will be sent through the VPN tunnel. All other traffic should be routed as per normal towards the internet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide