cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7058
Views
0
Helpful
12
Replies

remote vpn ipsec tunnel on a cisco 800 series

pcfreak49
Level 1
Level 1

how can you configure remote vpn ipsec tunnel on a Cisco 800 router ?

12 Replies 12

Hi,

If I understand correctly, you want to use the 800 router as a Hardware client?

If so, you can check this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080241a0d.shtml

The 800 router can accept remote IPsec connections (IPsec server), or act as an IPsec client to initiate a tunnel to an IPsec server. (This is what EzVPN is all about).

Federico.

I want via laptop, ipad, desktop remote ipsec vpn to a remote router through Cisco AnyConnect and Cisco AnyConnect mobility

You can also configure without a web interface and allows you to configure a tunnel interface?

I have it configured but can not connect?

You might want to check what I mentioned above.

If phase 1 is getting established:

sh cry isa sa

If there's nothing, verify that you have connectivity from the client to the IP of the Router you're trying to VPN to.

If phase 1 is established, verify phase 2:

sh cry ipsec sa

After that, the tunnel should established and traffic should pass. If not, we should see where the problem is.

Federico.

this is the output of crypto isakmp sa and crypto ipsec sa

IPv4 Crypto ISAKMP SA
dst src state conn-id status

IPv6 Crypto ISAKMP SA

R1 # sh crypto ipsec sa

R1 #

You're not getting any output.

Can you PING the router from the VPN client? (connectivity)?

If connectivity is fine, make sure that the output of those debugs are being sent to your output screen (telnet, console, etc.)

Federico.

no it does not work

Ok.

If you don't have connectivity from the client to the router we need to go back....

This is no VPN problem, since you're not even getting there...

Why is that you have no connectivity between the client and server has to be the first thing to resolve here.

Is it your client? Your ISP? Something in between?

Federico.

I'll just wait for the running-config just by sending