SR 520 Secure Router, easy setup

Answered Question
Dec 10th, 2008

Hi,


I have a pretty new 520 series router. It has a pretty simple desired configuration. For now, I would be happy if it could give an internal DHCP range of 192.168.3.0, and connect to the WAN via DHCP. I had it working when it was giving out an internal range of 192.168.75.0 (factory standard) last night, but when I switched to 3 it no longer gets past the gateway. Can someone tell me if I have errors in my attached config? It would be VERY much appreciated.



ajagadee (Cisco Employee) Wed, 12/10/2008 - 12:43

Hi,


Your NAT ACL needs to be updated with the correct subnet.


access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.75.0 0.0.0.255


Change the above configuration to:


access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.3.0 0.0.0.255


Regards,

Arul


*Pls rate if it helps*
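
Added example (not part of the original thread): an offline check for the mismatch fixed above, where the ACL referenced by `ip nat inside source list` still permits the old subnet. The sample config is constructed; the interface names and the NAT statement are assumptions, and only the two access-list 1 lines come from the post.

```python
import ipaddress
import re

# Constructed sample: interface names and the NAT statement are assumptions;
# only the two access-list 1 lines come from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address dhcp
 ip nat outside
!
interface Vlan1
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.75.0 0.0.0.255
"""

def nat_inside_networks(config):
    """Subnets of interfaces marked 'ip nat inside' (static addresses only)."""
    nets = []
    for stanza in re.split(r"^!\s*$", config, flags=re.M):
        if not re.search(r"^ ip nat inside$", stanza, flags=re.M):
            continue
        m = re.search(r"^ ip address (\d\S*) (\d\S*)", stanza, flags=re.M)
        if m:
            nets.append(ipaddress.ip_interface("/".join(m.groups())).network)
    return nets

def nat_acl_networks(config):
    """Subnets permitted by the standard ACL named in 'ip nat inside source list N'."""
    m = re.search(r"^ip nat inside source list (\d+)", config, flags=re.M)
    if not m:
        return []
    entries = re.findall(rf"^access-list {m.group(1)} permit (\d\S*) (\d\S*)",
                         config, flags=re.M)
    # ipaddress accepts a Cisco wildcard (host mask) in place of a netmask
    return [ipaddress.ip_network(f"{net}/{wild}") for net, wild in entries]

def untranslated_networks(config):
    """Inside subnets that no permit entry of the NAT ACL covers."""
    acl = nat_acl_networks(config)
    return [n for n in nat_inside_networks(config)
            if not any(n.subnet_of(a) for a in acl)]

if __name__ == "__main__":
    print(untranslated_networks(SAMPLE_CONFIG))
```

Run against a saved running-config after renumbering the LAN; an empty list means every NAT-inside subnet is matched by the NAT ACL.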

itccv0822 Wed, 12/10/2008 - 12:51

Excellent. Wow so dumb of me. I'll let you know if that works. That's all you see?

Correct Answer
ajagadee (Cisco Employee) Wed, 12/10/2008 - 16:27

Yes, other than the ACL for NAT traffic, I don't see anything that will block the 3.x from going to the internet.


Regards,

Arul


*Pls rate if it helps*

itccv0822 Sat, 12/13/2008 - 17:25

Worked great. Now I just need to set up a static VPN. I wonder if this device is capable of acting as a static VPN endpoint.

ajagadee (Cisco Employee) Mon, 12/15/2008 - 19:57

Thanks for the update! Glad to be of help. Yes, you should be able to configure a VPN tunnel on the UC520. What type of static VPN tunnel are you planning to configure? Is this going to be a LAN-to-LAN (L2L) tunnel between the UC520 and another VPN device, or is this going to be an EzVPN connection? Also, you need to make sure that you are running a Crypto image to support IPSEC. Below are a few examples that might help in configuring the tunnel.


Router to Pix.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml


http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008032b637.shtml


Regards,

Arul


*Pls rate if it helps*

itccv0822 Tue, 12/16/2008 - 11:42

I'm actually giving the SR520 you just helped me with a static IP to replace a Linksys in one of my sub offices.


The Linksys already has a VPN connection to an ASA 5505 in the central location. The IP of the central location with the ASA 5505 is xx.60.101.154. The IP of the sub office where this new SR 520 is going as an endpoint is xx.8.140.226. So since the sub office already had a Linksys, the tunnel is already set up on the central ASA 5505. I set up the VPN on the new SR 520 for the remote site using the Cisco Configuration Assistant, but it had very few options. I got the attached "remote site config" as a result. It doesn't connect to the central site (the attached "central location config") as it is. The central site gives the attached errors. I am looking this over right now and see that it's going to be some programming to get them to connect to each other. I'll try to figure it out, but if you have any suggestions that would be great.



ajagadee (Cisco Employee) Tue, 12/16/2008 - 11:52

Chris,


Based on your description and configuration, I think the problem lies with the headend ASA being configured for a LAN-to-LAN tunnel with peer address xxx.8.140.226 while you are using the same address on the UC520, which is configured as an EzVPN client. Do you know if you want to configure the UC520 as an EzVPN client or as an L2L connection? Depending upon this, we may have to change the configuration either on the headend ASA or on the UC520.


Regards,

Arul


*Pls rate if it helps*

itccv0822 Tue, 12/16/2008 - 12:02

The UC520 would be better as an L2L connection. It's just that when you run through the VPN setup on Cisco Configuration Assistant, it sets it up the way it is in the posted config. I'll have to use the command line to set it up as an L2L, but that's what I have to do, I guess. If you know how to do that or have any ideas, that would be great.

ajagadee (Cisco Employee) Tue, 12/16/2008 - 12:14

Chris,


Below is the link on how to configure an L2L connection between a router and a PIX/ASA.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml


The above configuration example matches exactly what you are trying to do. Also, take note of the section where you have to bypass NAT for the IPSEC Traffic. Reconfigure the UC520 and try to bring up the tunnel and let me know if it works.


Regards,

Arul


*Pls rate if it helps*


itccv0822 Tue, 12/16/2008 - 12:22

Okay I will try this out and let you know how it goes.
