Configuring IPSEC Remote Access VPN on 2800 Router

Jul 9th, 2008

I have a 2851 router that is currently being used to terminate all site to site VPNs. I want to start using it for our remote access VPNs which are currently on our 3005 Concentrator. I do not want to do split tunneling so I assume no ACLs for the remote access VPN users. Also we have an ACS/Radius server that I want to use to authenticate users instead of local authentication. I would like to use pre-shared key also. Is there a good document which shows this or has anyone configured this? I have attached the existing configuration for the 2851 router which shows the site to site VPN configuration. There is also some SSL VPN stuff on there but we are not using that at this time. Thanks.

mark.blanchfield Wed, 07/09/2008 - 09:18

Thank you for the document. That looks very helpful. One issue I am having is the ACS configuration for the router. Currently, it is set up as RADIUS/IETF for telnetting to the device. The instructions say to use Cisco IOS/Pix and after changing it, I cannot telnet to the device. Not sure if there is a way around that.

a.alekseev Wed, 07/09/2008 - 09:31

You should be in the network to telnet to the router.

If your RADIUS/IETF server is not available, then you can use the enable password.

mark.blanchfield Wed, 07/09/2008 - 09:48

I thought so too but it comes back with "Rejected" instead of timing out to the enable password.

mark.blanchfield Thu, 07/10/2008 - 04:50

The document is helpful. I started to configure it but am running into some issues. The ACS portion of the configuration is not the same as our ACS. There is no Cisco Secure Database option for password authentication. I have attached the updated configuration. The VPN Client did not connect. I tried to do all of the debugs but it did not even display any errors. I am sure there are numerous things wrong with the configuration. I used the existing SOHO dynamic crypto map and added map 30 for the remote access VPN. Thanks again for all of your help.
