VPN on SR520

Unanswered Question
Mar 4th, 2009

Hi there,

I miss a bit of documentation for the SR520. We could not configure our internet connection through the CCA so we did so through the IOS CLI. But now the CCA keeps crashing when we look at the SR520.

What is the smartest CLI way to set up the SR520 to accept incoming VPN connections where we just keep the user database on the Cisco?

I am also submitting our config file in case that would help. (we wiped out the passwords)

Eljakim

eljakimit Fri, 03/06/2009 - 02:22

Since asking the question we've come up with the following configuration [found on various other internet locations]. But it's still not working. Next thing is probably the firewall rules.

Is there anybody that can help out a bit, or at least say if we're going in the right direction?

vpdn enable
!
vpdn-group meentweg_vpn
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
interface Virtual-Template1
 ip unnumbered Dialer0
 peer default ip address pool inside
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!

Marcos Hernandez Fri, 03/06/2009 - 08:17

Hi Eljakim,

I have sent this question to the SR520 Technical Marketing Engineer and the CCA team.

Thanks,

Marcos

Steven DiStefano Mon, 03/09/2009 - 08:31

Hi.  I was sad when I read the initial post, so I tried this myself.

Using a SR520 with the latest IOS (12.4(20)T2) and latest default configuration file (available in CCA 1.9.1 program files directory), I used CCA 1.9.1 to configure it after factory reset and it worked as a remote teleworker after assigning it an IP, setting the Remote VPN to point to the host UC500 running SBCS 1.4 over the WAN, and establishing FE4 as an outside interface, and not too much more....

Can you try this?

Marcos Hernandez Mon, 03/09/2009 - 08:54

The problem Eljakim is having is that the WAN configuration screens on CCA do not expose all the parameters that are needed to provision this ADSL connection in Holland.

I have sent this to the CCA Marketing team and this will likely become a feature enhancement.

Thanks,

Marcos

eljakimit Tue, 03/10/2009 - 05:52

But my original question is still unanswered...

Any takers, or is the SR520 still too new to get support on?

addis Tue, 03/10/2009 - 14:20

This configuration challenge is not an SR520 specific problem, but rather a challenge that exists in IOS itself.

Opening a TAC case is the prudent course of action at this point.

However, before doing so, please confirm that the SR520 hardware is compatible with the DSL hardware interactions you are hoping to achieve.  If the equipment in question is not on the compatibility list then no configuration changes are likely to address this issue.

http://www.cisco.com/en/US/prod/collateral/routers/ps9305/data_sheet_c78...

eljakimit Wed, 03/11/2009 - 01:11

Hi Addis,

Accepting incoming VPN connections is on the list that you placed a link for. (It was actually one of our requirements). Someone else has also answered already that from the CCA it can be done.

We are stuck with IOS because the CCA does not support the DSL configuration used here, but that has been picked up by Marcos.

I'll open a TAC case for this issue as well.

Eljakim

eljakimit Mon, 07/13/2009 - 12:06

For interested people, the bits and pieces from the IOS that were used to configure this.

I hope someone at Cisco listens and decides to make setting up the PPTP server endpoint an option in the CCA.

aaa authentication ppp default local
ip dhcp excluded-address 192.168.75.224 192.168.75.240

vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1

interface Virtual-Template1
 ip unnumbered Dialer0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 peer default ip address pool PPTP_POOL
 no keepalive
 ppp encrypt mppe auto
 ppp authentication pap chap ms-chap
!
ip local pool PPTP_POOL 192.168.75.224 192.168.75.240
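
The two Virtual-Template stanzas in this thread differ in their PPP settings: the final one also offers PAP and CHAP and drops the `required` keyword from `ppp encrypt mppe`. MPPE keys are derived from the MS-CHAP exchange, so a session authenticated with PAP or CHAP cannot be encrypted, and without `required` the router still accepts it. The following is an added example, not part of any post above, that checks those two settings only; the function names `stanzas` and `audit` are hypothetical.

```python
# Virtual-Template stanzas as posted in this thread (indentation added).
FIRST_ATTEMPT = """\
interface Virtual-Template1
 ip unnumbered Dialer0
 peer default ip address pool inside
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
"""
FINAL_POST = """\
interface Virtual-Template1
 ip unnumbered Dialer0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 peer default ip address pool PPTP_POOL
 no keepalive
 ppp encrypt mppe auto
 ppp authentication pap chap ms-chap
!
"""
NON_MSCHAP = {"pap", "chap"}  # methods that produce no MPPE session key

def stanzas(config):
    """Map interface name -> sub-commands; a stanza is assumed to end at '!'."""
    out, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = out.setdefault(line.split()[1], [])
        elif line == "!":
            current = None
        elif line and current is not None:  # skips the blank lines of a pasted dump
            current.append(line)
    return out

def audit(config):
    """Return (interface, finding) pairs for interfaces that run PPP authentication."""
    findings = []
    for name, lines in stanzas(config).items():
        auth = [l.split()[2:] for l in lines if l.startswith("ppp authentication ")]
        if not auth:
            continue
        mppe = [l.split()[3:] for l in lines if l.startswith("ppp encrypt mppe ")]
        weak = [m for m in auth[-1] if m in NON_MSCHAP]
        if weak:
            findings.append((name, "offers " + "+".join(weak)))
        if not mppe or "required" not in mppe[-1]:
            findings.append((name, "mppe-not-required"))
    return findings
```

`audit(FIRST_ATTEMPT)` returns no findings, while `audit(FINAL_POST)` reports both the PAP/CHAP offer and the optional MPPE on `Virtual-Template1`.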