01-22-2013 09:16 AM
Hello everybody
Yesterday I tried to configure a 881 router which has an IP-Phone 7975 and one workstation. However the CUCM is in the other part of the city.
The network where the CUCM has been connected can be reachable by VPN.
From the VPN router I have the following information:
Public Static IP-Adress
Group username & Group Key
Username & password
If I used this info with Cisco VPN client on a computer, the connection works great but I do not how to configure my 881 with the same information.
The 881 router is connected behind an ADSL Modem
Please any idea will be good. thank you.
Solved! Go to Solution.
01-22-2013 09:49 AM
Hi Carlos,
Easy VPN Client configuration guide:
Short:
crypto ipsec client ezvpn easy_vpn_remote
connect auto
group ezvpn key ezvpn
mode client
peer 10.6.6.1
username cisco password cisco
and bind that group under outside and inside interface:
interface FastEthernet0/0
crypto ipsec client ezvpn easy_vpn_remote inside
!
interface Serial0/0
crypto ipsec client ezvpn easy_vpn_remote
---
Michal
01-22-2013 09:49 AM
Hi Carlos,
Easy VPN Client configuration guide:
Short:
crypto ipsec client ezvpn easy_vpn_remote
connect auto
group ezvpn key ezvpn
mode client
peer 10.6.6.1
username cisco password cisco
and bind that group under outside and inside interface:
interface FastEthernet0/0
crypto ipsec client ezvpn easy_vpn_remote inside
!
interface Serial0/0
crypto ipsec client ezvpn easy_vpn_remote
---
Michal
01-22-2013 10:47 AM
Hello Michal, thsnk you so much for you quick response
I type the config that you provided me
And I got the following result
ROUTER881#sh cry ip cl ez
Inside interface list: Fastethernet1
Outside interface: FastEthernet4
Current State: TUNNEL_INT_UP
Last Event: TUNNEL_INTERFACE_UP
Save Password: Allowed
Current EzVPN Peer: [IP ROUTER Addres]
In the other side with VPN router
I typed
vpngw#sh crypto isakmp peers
Peer: 187.237.14.216 PORT 57560 Local: [IP ROUTER Addres]
Phase id: [Tunnel Name]
It seems the connection has been established however any device behind VPN router response to the 881 behind network.
01-22-2013 10:59 AM
If you still have problem it might be the matter of hub configuration.
Could you access CUCM from cisco vpn client computer ?
Can you ping CUCM from 881 using inside network as a source ?
---
Michal
01-22-2013 02:32 PM
Hi Michal
Yes, when I connect my computer to VPN by "VPN-client" I can reach the CUCM.
But when I configure the Crypto I can not reach the CUCM by pinging from Router 881.
In other words, ping 10.0.80.75 source 192.168.1.1
where 10.0.80.75 is CUCM IP-address
and
192.168.1.1 is inside 881 network
This is so very strange
01-23-2013 08:33 AM
Hi Carlos,
Please configure "crypto ipsec client ezvpn Netmedical inside" under vlan1 interface (not fa1)
---
Michal
01-23-2013 10:43 AM
Hi Michal
I have configured "crypto ipsec client ezvpn Netmedical inside" under VLAN1. I realized that "show crypto ip cl ez"
is changing quickly.
It shows me:
different status
As you can see in the picture. Workstation on the router881 can connect to the VPN but Router 881 itself can not.
I have to say that VPN router provide to its clients with VPN IP Address.
I can share the VPN configuration that I have on VPN router.
username "username" password "userpassword"
then
crypto isakmp client configuration group [group-name]
key [Key]
dns [IP DNS]
pool [Client _POOL]
acl Client_ACL
max-users 2
max-logins 2
netmask 255.255.255.0
then
crypto isakmp profile IKE_PROFILE
match identity group Netmedical
then
ip local pool Client _POOL 192.168.212.128 192.168.212.254
[these are the ip address provide to the clients]
then
ip access-list extended Client_ACL
permit ip host 10.0.80.75 192.168.212 0.0.0.127 <--------- CUCM ADDRESS
Well I can not still find any solution. We are still looking for something.
Thank you for your help
01-23-2013 11:47 AM
Connection from router is failing, you should see status:
Current State: IPSEC_ACTIVE
ACL and POOL configuration is used on server side, not client side.
Please use this example for client (nothing more)
crypto ipsec client ezvpn GROUP1
connect auto
group GROUP1 key cisco
mode client
peer 192.168.0.2
username cisco password cisco
Bind that config to vlan1 as inside and ethernet4 as outside.
If you still have problems show me "debug crypto isakmp" results.
---
Michal
01-28-2013 09:08 PM
Hi Michal
Everything that you told me was correct in the Router 881 Side. However the problem was with the Router VPN Server.
In the section
crypto isakmp client configuration group [name]
Line ------> save-password
This line was missing and for that, the connection couldn't established at the beginning.
Well, thank you so much for your help.
Best Regards from Mexico.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide