Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1107
Views
0
Helpful
7
Replies

VPN tunnel from 1720 to 3005

sburks
Level 1
Level 1

‎11-29-2004 10:03 AM - edited ‎02-21-2020 01:28 PM

I need to establish a VPN tunnel between a cisco 1720 running version 12.0(1)XA1 and a Cisco 3005 running version 4.0.1.B. All I have been able to find is the Easy VPN feature, but it requires that I upgrade the 1720's version. Is there a way and some example on doing this if I can't upgrade the 1700?

Labels:
0 Helpful
7 Replies 7

Richard Burts
Hall of Fame
Hall of Fame

‎11-29-2004 02:09 PM

There are ways to establish a VPN connection between a 1720 and a 3005 that do not depend on Easy VPN. Whether you can implement them without upgrading the 1720 depends on the feature set of the IOS that you are running. There is a security feature set which supports manual configuration of a VPN connection on the 1720. What feature set are you running on your router?

HTH

Rick

HTH

Rick
0 Helpful

csonnen
Level 1
Level 1

‎11-30-2004 03:22 AM

Since the 1720 afaik has build-in VPN and hardware crypto-module like my 1710, you should absolutely be able to VPN without EasyVPN.

I don't know much about the 3005 config, but if it uses IOS, it might work likewise as the 1720 as far as the needed commands are concerned

I attached a config that works without EasyVPN between 2 1710s.

You might want to read this, too:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

Christoph

Preview file
2 KB
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to csonnen

‎11-30-2004 06:58 AM

The 3005 does not run IOS so its configuration is quite different from what you are used to. But it should be fine to run IPSec VPN to the 1720.

While the VPN hardware module is standard on the 1710 it is an option on the 1720. So the router in question may or may not have the VPN module installed.

And whether the module is installed or not is not crucial to being able to run IPSec VPNs on it. (It improves performance and I certainly would prefer to have the module on a router I was planning to use for IPSec. But IPSec VPNs can be configured without the module.) What is crucial is the feature set which the router is running. The 1720 router may run a number of feature sets including the Base IP, the IP PLUS feature set and some others which do not support IPSec VPN. It also can run the security feature set which does support IPSec VPNs.

So we need to know what options (hardware and software) are present on the router. The output of show version would be the easy way to get this.

HTH

Rick

HTH

Rick
0 Helpful

sburks
Level 1
Level 1
In response to Richard Burts

‎11-30-2004 08:05 AM

Here is the output of the "sh ver":

Cisco Internetwork Operating System Software

IOS (tm) C1700 Software (C1700-BNR2SY-M), Version 12.0(0.18)PI, BETA TEST SOFTWARE

Copyright (c) 1986-1998 by cisco Systems, Inc.

Compiled Wed 26-Aug-98 16:29 by sdowler

Image text-base: 0x80008088, data-base: 0x807D6A7C

ROM: System Bootstrap, Version 12.0(1)XA1, RELEASE SOFTWARE (fc1)

Sungard uptime is 37 weeks, 6 days, 5 hours, 47 minutes

System restarted by power-on

System image file is "flash:c1700-bnr2sy-mz.120-0.18.PI"

cisco 1720 (MPC860) processor (revision 0x101) with 14746K/1638K bytes of memory.

Processor board ID JAD98510556 (2765985197), with hardware revision 0000

M860 processor: part number 0, mask 32

Bridging software.

X.25 software, Version 3.0.0.

1 FastEthernet/IEEE 802.3 interface(s)

1 Serial network interface(s)

32K bytes of non-volatile configuration memory.

4096K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to sburks

‎11-30-2004 08:56 AM

Scott

Thanks for posting this output. It shows that your 1720 does not have the hardware VPN module. From the file name of the IOS it looks to me like the feature set that you have is the IP/IPX/AT/IBM Plus feature set. I believe that this feature set does not support configuration of IPSec VPNs. And I am not sure that there is a version which does support IPSec VPNs which will fit into the limited amount of memory and flash that the router has.

So I think that the bottom line is that you will need to do upgrades of hardware and software to get this router to do IPSec VPNs (either with Easy VPN or through manual configuration).

HTH

Rick

HTH

Rick
0 Helpful

sburks
Level 1
Level 1
In response to Richard Burts

‎11-30-2004 09:03 AM

Thanks for your feedback, it was much appreciated. That was what I was thinking too.

0 Helpful

csonnen
Level 1
Level 1

‎11-30-2004 03:22 AM

posted it twice, deleted this one, sorry

0 Helpful
Customers Also Viewed These Support Documents