Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
4
Replies

831/871W router question

g.hammond
Level 1
Level 1

‎03-22-2007 06:14 AM - edited ‎03-03-2019 04:15 PM

We are trying to deploy 831s or 871s as a work from home solution using VPN. The basic setup works great as far as setting up easyvpn and having the switch ports on the router connect back to the corporate network. Is it possible, however, to set up one of the switch ports to bypass the tunnel and have unrestricted access to the internet. The basic layout would be the DSL/Cable modem would connect to the WAN port on the 831 or 871. Then, we would like to have one switch port connect to their "home" unrestricted network so that if they are using a corporate computer, they go through the corporate network, but if they are using a personal computer, it has unrestricted access to the internet. Is this scenario a possibilty? I haven't been able to find any documentation on this kind of setup. Not sure that the DMZ setup is what I am looking for. Can't find any documentation on setting up a virtual template and assigning ports to it. I know that the 831 and 871 are different architecturally and configuration wise but at this point, I'm mostly looking for a very basic answer. Any help would be greatly appreciated.

Labels:
0 Helpful
4 Replies 4

koontzuap
Level 1
Level 1

‎03-24-2007 04:37 PM

Have you considered simply placing the 831/871 behind a DSL/Cable router? Typically most home users already have a DSL/Cable router. The only downside is you are NAT'ing IPSEC traffic. I would not recommend IPSEC over NAT for a large office deployment but it works great for a home user.

I had an 831 configured for easyvpn behind my linksys for a year or so with zero issues. I eventually upgraded my Linksys to an 831 acting as a simple cable firewall router. I also had zero issues with the easyvpn 831 behind the cable firewall 831 router.

This also makes it easier on the user. If their PC is plugged into their DSL/Cable router, they have unrestricted access to the Internet. If their PC is plugged into the 831, they are on the corporate network.

If you only wanted to use the 831/871, then you could configure split tunneling. All traffic destined for the Internet would not go through the crypto tunnel. Most security teams would frown upon split tunnels for obvious reasons.

0 Helpful

g.hammond
Level 1
Level 1
In response to koontzuap

‎03-26-2007 02:16 PM

I was able to get the DMZ to work as my internal home network. Just had to use NAT to translate my home network to the internet.

0 Helpful

dawidwilk
Level 1
Level 1

‎03-30-2007 11:50 AM

You need to create a separate VLAN on your 871

Example.

VLAN 1 - corporate network

VLAN 2 - home network

VLAN2 will have different IP and ACL will not include it into VPN traffic.

Basic IOS on 871 doesn't support many VLANs.

You need to update the IOS.

0 Helpful

g.hammond
Level 1
Level 1
In response to dawidwilk

‎03-30-2007 12:31 PM

Yep. We discovered that we had to upgrade the IOS to make lots of things work.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card