
VPN on a Stick with Cisco Router

payala
Level 1

Hello team,

I was wondering if it's possible to create the following scenario, where I want to connect a Cisco Router 1841 directly to a GPON (Gigabit-capable Passive Optical Network). Here is my network diagram:

I was trying to configure Cisco SSL VPN (WebVPN). Is it possible to create this network scenario? There should be NAT for my internal IP address (192.168.1.1), right?

Here is the sample configuration that I created:

aaa authentication login default line
aaa authentication login userauthen local
aaa authentication login sslvpn local
aaa authentication ppp default local
aaa authorization network groupauthor local
!
password encryption aes
crypto pki token default removal timeout 0
!
crypto pki trustpoint my-trustpoint
 enrollment selfsigned
 serial-number
 subject-name CN=my-certificate
 revocation-check crl
 rsakeypair my-rsa-keys
!
webvpn gateway my-WebVPN-Gateway
 ip address 192.168.1.1 port 443
 ssl encryption rc4-md5
 ssl trustpoint my-trustpoint
 inservice
!
webvpn context my-WebVPN
 title "My WebVPN - Powered By Cisco"
 ssl authenticate verify all
 !
 url-list "rewrite"
 !
 acl "ssl-acl"
   permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0
 !
 login-message "Cisco Secure WebVPN"
 !
 policy group webvpnpolicy
   functions svc-enabled
   filter tunnel ssl-acl
   svc address-pool "webvpn-pool" netmask 255.255.255.0
   svc rekey method new-tunnel
   svc split include 192.168.1.0 255.255.255.0
 default-group-policy webvpnpolicy
 aaa authentication list sslvpn
 max-users 2
 inservice

Here is the configuration from the interface (the only interface connected to the GPON):

interface Vlan1
 description < LAN >
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip nbar protocol-discovery
 ip flow ingress
 ip virtual-reassembly in
!
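A review pass over the configuration posted above, as an added example that is not part of the original post or Cisco's tooling. It flags three things visible in the text as given: the RC4/MD5 cipher suite on the gateway, a gateway bound to an RFC 1918 address (reachable from outside only if the upstream device forwards the listed TCP port to it), and an `svc address-pool` name with no matching `ip local pool` line. The function name `audit_webvpn` and the finding labels are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt that mirrors lines from the configuration posted above.
SAMPLE = """\
webvpn gateway my-WebVPN-Gateway
ip address 192.168.1.1 port 443
ssl encryption rc4-md5
ssl trustpoint my-trustpoint
webvpn context my-WebVPN
policy group webvpnpolicy
svc address-pool "webvpn-pool" netmask 255.255.255.0
interface Vlan1
ip address 192.168.1.1 255.255.255.0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEAK_CIPHERS = {"rc4-md5"}  # RC4 is prohibited in TLS by RFC 7465; MD5 is a broken hash


def audit_webvpn(config):
    """Return review findings for an IOS WebVPN configuration given as text."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Pools actually defined with "ip local pool <name> ..." anywhere in the text.
    pools = {m.group(1) for ln in lines if (m := re.match(r"ip local pool (\S+)", ln))}
    findings = []
    for ln in lines:
        if m := re.match(r"ssl encryption (.+)", ln):
            for cipher in sorted(WEAK_CIPHERS & set(m.group(1).split())):
                findings.append(f"weak-cipher: {cipher}")
        elif m := re.match(r"ip address (\S+) port (\d+)", ln):
            # Only the gateway form carries "port"; interface addresses carry a mask.
            addr = ipaddress.ip_address(m.group(1))
            if any(addr in net for net in RFC1918):
                findings.append(f"private-gateway: {addr}:{m.group(2)}")
        elif m := re.match(r'svc address-pool "?([^"\s]+)', ln):
            if m.group(1) not in pools:
                findings.append(f"undefined-pool: {m.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in audit_webvpn(SAMPLE):
        print(finding)
```

The matching works on stripped lines, so it accepts both indented `show running-config` output and a flattened paste.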

3 Replies

Philip D'Ath
VIP Alumni

Life would be easier if you did:

internal hosts <--> 1841 <--> GPON router

That's correct, but the problem is that I need to get another AP instead of the GPON. Actually, my VPN is working now, but I'm getting a lot of problems with full tunnel and I'm also having issues with disconnections. I'm not sure what's going on.
