Raj, thanks.

The cisco feature navigator indicates that this IOS version (c2600-i-mz.122-8.T) is only ip.

I also read that with the 12.2(8)T version it is possible to configure cisco easy vpn. Now I got a little confused. Anyway I will try some commands next week once I will be with the client.

Hi there,

The IOS version and the feature set are two different things. The image you are referring to is with the "IP ONLY" feature set. You will need a image with the "IPSEC" feature in it. To support 3DES, you'll need the "IPSEC 3DES" feature set...

In newer IOS versions the names has changed. See this link for more information on the new names:

http://www.cisco.com/go/packaging

As you say the 12.2(8)T version has support for the eZVPN server, but you'll still need the IPSEC-feature set...

Once it is "ip only", I've searched for an IOS version with support for easy vpn server but the router has only 32 DRAM and 8 flash. So my question is:

Any IOS version with IPSEC/3DES feature set is enough for configuring a vpn for remote access from a computer with dynamic ip address running XP?

Thanks

The EasyVPN server feature was added in 12.2(8)T, so that is the minimum version you'll need. Ie. you can use any versions more recent, but nothing less than that version.

I checked now, and you'll have to upgrade to minimum 64 MB DRAM and 16 MB Flash to get any image supporting EasyVPN into this particular router.

The 32/8 combination supports "IP Only" in more recent versions, but these doesn't support VPN's.

Did it help?

Johansens,

I have found some old versions that supports only ipsec/3des, not easy vpn. (c2600-ik2s-mz.12.0-4.T,c2600-ik2s-mz.12.0-3.T3)

Do you know if this feature set is sufficient for configuring the remote vpn from a computer with dynamic ip address?

And in your oppinion, do you think it would be a good idea using one of this old versions?

You must specify a peer-address in the crypto-map configuration in the older releases, so you can't use a dynamic ip address on the remote site.

In 12.3(4)T the ability to do Real-Time Resolution for IPSec Tunnel Peer was introduced.. but that won't help your case as it's still too large to fit in your router.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455b05.html

I can't think of any way you can do what you want unless you upgrade your router with more DRAM/Flash, so why don't you just buy some more? It's not that expensive.

Using older T-train releases has it's drawbacks.. I ran a quick check and found 2201 bugs on the 12.0(4)T IOS release (mind you this in in the general 12.0(4)T release and many of these bugs may not even be present in the c2600-platform image)...

If you can't upgrade the router.. can you solve your problem in another way? What is your goal? What do you want to achieve? How many users are going to use the solution? Can a SSH-tunnel solve it for you?

Did it help?

You are helping a lot. Thanks.

About upgrading memory, it depends on the client and I will tell him.

Initially the goal is to provide access from home, two connections only.

A ssh-tunnel certainly solve the problem. Do you have any documentation? Can I configure it with the IOS version running at the present time? c2600-i-mz.122-8.T

Do I need the real-time resolution to configure a remote vpn with dynamic ip address?

I have checked and it is only available for 2621 XM.

Any version with support for easy vpn server would solve this problem?

Thanks

Yes, you helped a lot.

Thanks.