
NAT and VPN

otnj2ee
Level 1

My web server is remotely located. I can only access it via the internet. For the secured access, I'll need the VPN.

Now from my office, I want to set up the client side of the VPN on my PC. But there are two possibilities:

1) I access the internet via an ADSL line which dynamically sets the IP address for my PC (via DHCP) and several other PCs in the LAN, but I only want my PC set up for the VPN, none of the others. In this case, can I still set up my PC for the VPN? If so, how? (Because my office router 877 uses DHCP to assign an IP address to my PC and the others, the IP of my PC is not static; it could change with each refresh.)

2) If the first choice is infeasible, can I use the Cisco 877 to do the NAT, i.e., internally I'll set up a private IP for each of the PCs in the LAN, while the 877 router does some translation. Can I use this method to set up my PC to access the VPN (my PC only, none of the other PCs in the LAN)? If so, how?

Many thanks.

Scott

4 Replies

jackko
Level 7

it would be less complicated if you can setup a static ip on your pc.

alternatively, consider remote vpn access by using cisco vpn client. with this, you will need to re-configure the remote vpn device.

Thanks for the response. I have some further questions:

1) Where can I get/download the Cisco Client VPN software?

2) When you said: "re-configure the remote vpn device", is there some guide to show how to configure the (Cisco) router to work with the Cisco VPN client? If so, where can I get/download it?

Many thanks.

Scott

below is a cut-down config sample:

    username cisco password xxxxxx
    aaa new-model
    aaa authentication login vpnauthen local
    aaa authorization network vpnauthor local
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp client configuration group vpngroup
     key xxxxxx
     pool vpnpool
     acl 130
    crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
    crypto dynamic-map dynmap 10
     set transform-set vpnset
    crypto map vpnmap client authentication list vpnauthen
    crypto map vpnmap isakmp authorization list vpnauthor
    crypto map vpnmap client configuration address respond
    crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
    interface Ethernet0
     ip address
     ip nat inside
    interface Dialer0
     ip address
     ip nat outside
     crypto map vpnmap
    ip local pool vpnpool 10.1.1.1 10.1.1.10
    ip nat inside source route-map nonat interface Dialer0 overload
    access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
    route-map nonat permit 10
     match ip address 101

to download vpn client software,

http://www.cisco.com/kobayashi/sw-center/vpn/client/

just wondering how you go.
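
The NAT exemption in the config sample above, worked through as an added example (not code from the thread or from Cisco): it evaluates the posted access-lists 101 and 130 with first-match, wildcard-mask and implicit-deny semantics to show which flows `route-map nonat` translates and which match the VPN group's ACL. The function names and the sample flows are constructed for illustration.

```python
import ipaddress

# Access-list lines copied from the config sample in the thread.
CONFIG = """\
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_spec(tokens):
    """Read one address spec ('any' or 'A WILDCARD'); return (base, wildcard, remaining tokens)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    return ip_int(tokens[0]), ip_int(tokens[1]), tokens[2:]

def parse_acls(text):
    """Return {acl number: [(action, src_spec, dst_spec), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[0] == "access-list" and tok[3] == "ip":
            s_base, s_wild, rest = take_spec(tok[4:])
            d_base, d_wild, _ = take_spec(rest)
            acls.setdefault(tok[1], []).append((tok[2], (s_base, s_wild), (d_base, d_wild)))
    return acls

def matches(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are "don't care"
    return addr & care == base & care

def acl_action(acls, number, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_spec, d_spec in acls.get(number, []):
        if matches(ip_int(src), s_spec) and matches(ip_int(dst), d_spec):
            return action
    return "deny"

def classify(acls, src, dst):
    """ACL 101 permit = translated via 'route-map nonat'; ACL 130 permit = in the VPN group's ACL."""
    return {"nat": acl_action(acls, "101", src, dst) == "permit",
            "vpn_acl": acl_action(acls, "130", src, dst) == "permit"}

if __name__ == "__main__":
    acls = parse_acls(CONFIG)  # the sample flows below are constructed
    for src, dst in [("192.168.1.20", "10.1.1.5"), ("192.168.1.20", "198.51.100.7"), ("192.168.2.9", "198.51.100.7")]:
        print(src, "->", dst, classify(acls, src, dst))
```

The first flow (LAN host to a VPN pool address) hits the `deny` in ACL 101 and is left untranslated, while the third shows that a source outside 192.168.1.0/24 matches nothing and falls to the implicit deny in both lists.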