User name in site-to-site vpn?

rickpastor · ‎02-10-2011

It's been several years since I set up non-DMVPN IPSEC VPNs. At the time it was Pix 515s. If I remember correctly, I could set up either a site-to-site vpn (in which phase I and phase II specs were entered, PSK, etc.) of a remote-user vpn (where the above would be set up along with XAUTH for user credentials, and, I believe security group settings for different users). This is before DMVPN, which simplified a lot of it.

In any case, now I have a colleague who has purchased a RVS4000 for the purpose of configuring a site-to-site vpn with BeeVPN, a site that allows him to circumvent his ISPs monitoring. When he asked BeeVPN for specs on how to set up his RVS4000 as an IPSEC termination point for a site-to-site vpn, they responded with instructiions to enter his username and password as well as Group name. Does this make any sense? Shouldn't a peer address, encyption/auth/diffe-hellman, etc. settings and PSK all that is needed for a site-to-site vpn?

By the way, I realize he may have another issue with his dynamic ip address. But I was hoping I could first get some help on the basics.

Thanks very much

Herbert Baerten · ‎02-24-2011

Hi Rick,

first of all just a tip: for VPN issues you may get better/faster/more responses by posting in the

forum, or in cases like this where the product is in the Linksys or Cisco Small Business range in the forum.

Now, you're right about the basic differences between L2L or S2S tunnels, and client or remote access tunnels. However some devices (like IOS routers and the ASA5505) can also be configured as a a "hardware client" (sometimes referred to as "EzVPN client or "EzVPN remote"), where you basically configure it just like a software client, i.e. with group name, group password (PSK) and possibly username/password for xauth.

I'm not sure if the RVS4000 can do that - you may want to ask in the Small Business forum.

hth

Herbert