Re: IPSEC between 2611 and Win7 (within LAN)

ncciscouser · ‎02-17-2011

Hi,

i want to encrypt all traffic between a host (WIN7) and its default gateway (2611).

Could you please show me any configuration examples?

I think it should work with Transport mode encryption.

Thanks!

Federico Coto Fajardo · ‎02-17-2011

Hi,

If the endpoints of the protected traffic are both the host and the 2611 (as you mentioned) you can use transport mode.

You need to configure the 2611 as an EzVPN server to accept IPsec VPN from the PC. (with the difference of applying the crypto map to the ''inside'' interface).

Here's a link:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml

Hope it helps.

Federico.

ncciscouser · ‎02-18-2011

hi thanks for your info so far, do i need the cisco VPN Client software?

1.Shouldnt this work with Win7 IPSEC stack natively?

2.A dhcp pool from the ios router shouldnt be needed too, since iam not tunneling iam going for transport mode ?

Thanks.

Federico Coto Fajardo · ‎02-19-2011

1. If you use PPTP or L2TP/IPsec both uses native VPN on windows (no need for VPN client software).

2. In theory there's no need for pool, however all configs I've seen still uses a pool for VPN.

Hope it helps.

Federico.

ncciscouser · ‎02-21-2011

Hi works like a charm, no dhcp pool needed, can be achieved with Windows IPSEC Security Policy.

Import is setting transport mode in transform set / crypto map.