SR 520 Secure Router, easy setup

Answered Question
Dec 10th, 2008

Hi,

I have a pretty new 520 series router. It has a pretty simple desired configuration. For now, I would be happy if it could give an internal DHCP range of 192.168.3.0, and connect to the WAN via DHCP. I had it working when it was giving out an internal range of 192.168.75.0 (factory standard) last night, but when I switched to 3 it no longer gets past the gateway. Can someone tell me if I have errors in my attached config? It would be VERY much appreciated.

ajagadee Wed, 12/10/2008 - 12:43

Hi,

Your NAT ACL needs to be updated with the correct subnet.

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.75.0 0.0.0.255

Change the above configuration to:

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.3.0 0.0.0.255

Regards,

Arul

*Pls rate if it helps*
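An added example, not part of the original thread or the poster's attached config: a Python check that flags `ip nat inside` subnets that the NAT source ACL no longer permits, which is the mismatch identified in the answer above. The sample config is constructed, including the interface names Vlan1 and FastEthernet4 and the `ip nat inside source list 1 ... overload` line; only numbered `access-list N permit <address> <wildcard>` entries are parsed.

```python
import ipaddress
import re

# Constructed sample config (not the poster's attachment): the LAN was
# renumbered to 192.168.3.0/24 but the NAT ACL still names the old subnet.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address dhcp
 ip nat outside
!
interface Vlan1
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.75.0 0.0.0.255
"""

def wildcard_net(addr, wildcard):
    """Turn an IOS address/wildcard pair into an ip_network (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def unnatted_inside_subnets(config):
    """Return [(interface, subnet)] for 'ip nat inside' subnets that no NAT ACL permits."""
    inside, acls, nat_lists = [], {}, set()
    iface = subnet = None
    for line in config.splitlines():
        s = line.strip()
        if line.startswith("interface "):
            iface, subnet = s.split()[1], None
        elif m := re.match(r"ip address (\d\S+) (\d\S+)$", s):
            subnet = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif s == "ip nat inside" and subnet is not None:
            inside.append((iface, subnet))
        elif m := re.match(r"ip nat inside source list (\S+) ", s):
            nat_lists.add(m[1])  # ACL number referenced by the NAT rule
        elif m := re.match(r"access-list (\d+) permit (\d\S+) (\d\S+)$", s):
            acls.setdefault(m[1], []).append(wildcard_net(m[2], m[3]))
    permitted = [n for name in nat_lists for n in acls.get(name, [])]
    return [(i, n) for i, n in inside if not any(n.subnet_of(p) for p in permitted)]

if __name__ == "__main__":
    for name, net in unnatted_inside_subnets(SAMPLE_CONFIG):
        print(f"{name}: {net} is 'ip nat inside' but not permitted by the NAT ACL")
```
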

itccv0822 Wed, 12/10/2008 - 12:51

Excellent. Wow so dumb of me. I'll let you know if that works. That's all you see?

Correct Answer
ajagadee Wed, 12/10/2008 - 16:27

Yes, other than the ACL for NAT Traffic, I don't see anything that will block the 3.x from going to the internet.

Regards,

Arul

*Pls rate if it helps*

itccv0822 Sat, 12/13/2008 - 17:25

Worked great. Now I just need to set up a static VPN. I wonder if this device is capable of acting as a static VPN endpoint.

ajagadee Mon, 12/15/2008 - 19:57

Thanks for the update! Glad to be of help. Yes, you should be able to configure VPN Tunnel on the UC520. What type of static VPN Tunnel are you planning to configure? Is this going to be a Lan to Lan (L2L) tunnel between the UC520 and another VPN Device, or is this going to be an EzVPN Connection? Also, you need to make sure that you are running a Crypto image to support IPSEC. Below are a few examples that might help in configuring the tunnel.

Router to Pix.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008032b637.shtml

Regards,

Arul

*Pls rate if it helps*

itccv0822 Tue, 12/16/2008 - 11:42

I'm actually giving the SR520 you just helped me with a static IP to replace a Linksys in one of my sub offices.

The Linksys already has a VPN connection to an ASA 5505 in the central location. The IP of the central location with the ASA 5505 is xx.60.101.154. The IP of the sub office where this new SR 520 is going as an endpoint is xx.8.140.226. So since the sub office already had a Linksys, the tunnel is already set up on the central ASA 5505. I set up the VPN on the new SR 520 for the remote site using the Cisco Configuration Assistant, but it had very few options. I got the attached "remote site config" as a result. It doesn't connect to the central site (the attached "central location config") as it is. The central site gives the attached errors. I am looking this over right now and see that it's going to be some programming to get them to connect to each other. I'll try to figure it out but if you have any suggestions that would be great.

ajagadee Tue, 12/16/2008 - 11:52

Chris,

Based on your description and configuration, I think the problem lies with the Headend ASA configured for a Lan to Lan tunnel with peer address xxx.8.140.226 and then you are using the same address on the UC520 which is configured as an EzVPN Client. Do you know if you want to configure the UC520 as an EzVPN Client or L2L connection? Depending upon this, we may have to change the configuration either on the Headend ASA or UC520.

Regards,

Arul

*Pls rate if it helps*

itccv0822 Tue, 12/16/2008 - 12:02

The UC520 would be better as an L2L connection. It's just that when you run through the VPN setup on Cisco Configuration Assistant, it sets it up the way it is in the posted config. I'll have to use command line to set it up as an L2L, but that's what I have to do I guess. If you know how to do that or have any ideas that would be great.

ajagadee Tue, 12/16/2008 - 12:14

Chris,

Below is the link on how to configure an L2L Connection between a Router and Pix/ASA.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

The above configuration example matches exactly what you are trying to do. Also, take note of the section where you have to bypass NAT for the IPSEC Traffic. Reconfigure the UC520 and try to bring up the tunnel and let me know if it works.

Regards,

Arul

*Pls rate if it helps*
