SR 520 Secure Router, easy setup

itccv0822
Level 1

Hi,

I have a pretty new 520 series router. It has a pretty simple desired configuration. For now, I would be happy if it could give an internal DHCP range of 192.168.3.0, and connect to the WAN via DHCP. I had it working when it was giving out an internal range of 192.168.75.0 (factory standard) last night, but when I switched to 3 it no longer gets past the gateway. Can someone tell me if I have errors in my attached config? It would be VERY much appreciated.


ajagadee
Cisco Employee

Hi,

Your NAT ACL needs to be updated with the correct subnet.

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.75.0 0.0.0.255

Change the above configuration to:

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.3.0 0.0.0.255

Regards,

Arul

*Pls rate if it helps*
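An added example, not part of the original thread: a small Python check for the mismatch described in the reply above, where the DHCP pool subnet is no longer permitted by the ACL that the NAT rule references. The sample config is constructed (the poster's attachment is not shown on the page); the pool name, the `ip nat inside source list 1 interface FastEthernet4 overload` line and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample (not the poster's attached config): the DHCP pool has been
# moved to 192.168.3.0/24 while the NAT ACL still permits the factory subnet.
SAMPLE_CONFIG = """\
ip dhcp pool inside
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
!
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.75.0 0.0.0.255
"""

def wildcard_net(addr, wildcard):
    """IOS address + wildcard mask -> ip_network (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def unnatted_pools(config):
    """Return DHCP pool networks that no NAT source ACL permits."""
    nat_acls = set(re.findall(r"^ip nat inside source list (\d+) ", config, re.M))
    permitted = []
    for num, rest in re.findall(r"^access-list (\d+) permit (.+)$", config, re.M):
        if num not in nat_acls:
            continue
        parts = rest.split()
        if parts[0] == "any":
            permitted.append(ipaddress.ip_network("0.0.0.0/0"))
        elif parts[0] == "host":
            permitted.append(ipaddress.ip_network(parts[1] + "/32"))
        else:
            # A bare address with no wildcard matches a single host in IOS.
            wc = parts[1] if len(parts) > 1 else "0.0.0.0"
            permitted.append(wildcard_net(parts[0], wc))
    # Only "network" lines inside an "ip dhcp pool" block are considered.
    pools = re.findall(r"^ip dhcp pool .*\n(?: .*\n)*? +network (\S+) (\S+)", config, re.M)
    nets = [ipaddress.ip_network(f"{a}/{m.lstrip('/')}", strict=False) for a, m in pools]
    # Assumption: permit-only ACLs as in the thread; deny entries and order are ignored.
    return [n for n in nets if not any(n.subnet_of(p) for p in permitted)]

if __name__ == "__main__":
    for net in unnatted_pools(SAMPLE_CONFIG):
        print(f"DHCP pool {net} is not permitted by any NAT ACL")
```
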

Excellent. Wow so dumb of me. I'll let you know if that works. That's all you see?

Yes, other than the ACL for NAT traffic, I don't see anything that will block the 3.x from going to the internet.

Regards,

Arul

*Pls rate if it helps*

Worked great. Now I just need to set up a static VPN. I wonder if this device is capable of acting as a static VPN endpoint.

Thanks for the update! Glad to be of help. Yes, you should be able to configure a VPN tunnel on the UC520. What type of static VPN tunnel are you planning to configure? Is this going to be a LAN-to-LAN (L2L) tunnel between the UC520 and another VPN device, or is this going to be an EzVPN connection? Also, you need to make sure that you are running a crypto image to support IPsec. Below are a few examples that might help in configuring the tunnel.

Router to Pix.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008032b637.shtml

Regards,

Arul

*Pls rate if it helps*

I'm actually giving the SR520 you just helped me with a static IP to replace a Linksys in one of my sub offices.

The Linksys already has a VPN connection to an ASA 5505 in the central location. The IP of the central location with the ASA 5505 is xx.60.101.154. The IP of the sub office where this new SR 520 is going as an endpoint is xx.8.140.226. So since the sub office already had a Linksys, the tunnel is already set up on the central ASA 5505. I set up the VPN on the new SR 520 for the remote site using the Cisco Configuration Assistant, but it had very few options. I got the attached "remote site config" as a result. It doesn't connect to the central site (the attached "central location config") as it is. The central site gives the attached errors. I am looking this over right now and see that it's going to be some programming to get them to connect to each other. I'll try to figure it out, but if you have any suggestions that would be great.

Chris,

Based on your description and configuration, I think the problem lies with the headend ASA being configured for a LAN-to-LAN tunnel with peer address xxx.8.140.226, while you are using the same address on the UC520, which is configured as an EzVPN client. Do you know if you want to configure the UC520 as an EzVPN client or an L2L connection? Depending upon this, we may have to change the configuration either on the headend ASA or the UC520.

Regards,

Arul

*Pls rate if it helps*

The UC520 would be better as an L2L connection. It's just that when you run through the VPN setup on Cisco Configuration Assistant, it sets it up the way it is in the posted config. I'll have to use the command line to set it up as an L2L, but that's what I have to do, I guess. If you know how to do that or have any ideas, that would be great.

Chris,

Below is the link on how to configure an L2L connection between a router and PIX/ASA.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

The above configuration example matches exactly what you are trying to do. Also, take note of the section where you have to bypass NAT for the IPsec traffic. Reconfigure the UC520, try to bring up the tunnel, and let me know if it works.

Regards,

Arul

*Pls rate if it helps*

Okay I will try this out and let you know how it goes.
