Solved: ezvpn client on router to windows vpn server

ndi_kiyanov · ‎09-06-2011

Hi

is it possible to connect cisco router using ezvpn to windows 2008r2 server?

i spend a lot of time and got no success.

i'm trying to connect cisco 881g using ezvpn to windows vpn server (RRAS) usign pre-shared key.

or i should try to connect in any differ way ? (for e.g. using vpdn on router)

pls refer me to some docs if it possible... coz i begin to doubt

thanks in advance

Jennifer Halim · ‎09-08-2011

ok, for LAN-to-LAN IPSec tunnel, here is a sample config on cisco router:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

Just have to make sure that Windows 2008 server supports ipsec lan-to-lan tunnel as well as NAT-T if the VPN traffic will be passing through NAT device.

View solution in original post

Jennifer Halim · ‎09-07-2011

No, ezvpn can only be configured between Cisco devices, not with a third party device.

ndi_kiyanov · ‎09-08-2011

thank you a lot for reply.

so in my situation (connect cisco to win2008 rras vpn) the olny one way -it's to use cisco router as l2tp\ipsec client, right ?

and it's possible only with using certificate auth method..?

Jennifer Halim · ‎09-08-2011

are you trying to configure lan-to-lan vpn tunnel between your windows 2008 server, or just vpn client from windows 2008 to cisco vpn server?

if it's vpn client from windows 2008 server, then yes, L2TP over IPSec will work, and you can use pre-shared key as the authentication. Don't have to use certificate if you don't want to.

ndi_kiyanov · ‎09-08-2011

lan-to-lan is also good idea . but cisco router in behind the NAT. so i'm not sure that lan-to-lan is possible. (exactly i do not know . is it possible?)

exactly i need vpn from cisco to windows 2008 . i need to pass all traffic through win2008 gateway. is it possible?

i tryed to deploy conf like that:

pseudowire-class pw-class-1 
encapsulation l2tpv2 
protocol l2tpv2 
ip local interface FastEthernet4 

 
interface Virtual-PPP1 
ip address negotiated 
no ip redirects 
no ip unreachables 
no ip proxy-arp 
ip mtu 1492 
ip nat outside 
no ip virtual-reassembly 
no cdp enable 
ppp authentication chap callin 
ppp chap hostname ******* 
ppp chap password 0 ****** 
ppp ipcp route default 
pseudowire  1 encapsulation l2tpv2 pw-class pw-class-1 
!

bt no success.. on win 2008 side i can see (with MS NET MON) that some packets come from cisco. but vpn connection was not established.

Jennifer Halim · ‎09-08-2011

ok, for LAN-to-LAN IPSec tunnel, here is a sample config on cisco router:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080194650.shtml

Just have to make sure that Windows 2008 server supports ipsec lan-to-lan tunnel as well as NAT-T if the VPN traffic will be passing through NAT device.

ndi_kiyanov · ‎09-08-2011

thank you !

i'll try to implement this solution today after business hours.

also the last question :

after i config lan-to-lan vpn - will it be possible to make windows server as default gateway for cisco clients subnet? ( i mean will it be work after i set it as gateway?)

Jennifer Halim · ‎09-08-2011

Once you have configured the lan-to-lan VPN tunnel between windows server and cisco router, basically you would configure traffic between the windows server LAN and cisco router LAN as the interesting traffic, and only those traffic will be sent through the VPN tunnel. All other traffic should be routed as per normal towards the internet.