871 New Vlan with no firewall

Unanswered Question
Mar 20th, 2010
User Badges:

Hello, I have a 871 router and I am looking to create a second VLan that will not have firewall protection and be separate from the main VLan.  The purpose of this is to have laptops connect to this vlan and let tem VPN into other sites.  If anyone can give me insight or send me to page that has the configuration that would be great.


Thank you all in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sean_evershed Sun, 03/21/2010 - 00:57
User Badges:
  • Gold, 750 points or more

Hi,


This thread may help for a sample VPN configuration.


https://supportforums.cisco.com/docs/DOC-6215;jsessionid=31A7B6E1A5F31FB97749915C9F808EBD.node0


A few examples of configuring VPN can also be found here. It depends on the client you are using and if GRE is configured as to the option you choose.


http://www.cisco.com/en/US/products/hw/routers/ps380/prod_configuration_examples_list.html


It may not be a good idea to leave certain parts of your network unprotected by a firewall. These holes can be easily exploited by hackers.

bataviaphil Sun, 03/21/2010 - 04:21
User Badges:

I am not too sure if that will work.  Here is what is happening.  I am behind a C871

and I am trying to connect to another network with the Cisco VPN client to a PIX 515e, I can connect ok pit I am unable to ping any hosts on the other side.  When I turn off the fire wall then connect to the other network I can ping and see all the hosts.


Hope this help give you an insight as to why I am looking to do another VLan.

dhananjoy chowdhury Sun, 03/21/2010 - 04:40
User Badges:
  • Silver, 250 points or more

It seems the ios fw / CBAC is blocking some traffic.

You need to configure inspect the particular protocol (icmp, TCP, etc)

and also allow the traffic in the interface ACL for the Cisco client vpn to work.


If you can post the sanitized config of the 871 then it would give a better idea.

pompeychimes Sun, 03/21/2010 - 23:19
User Badges:
  • Bronze, 100 points or more

interface f?

switchport mode access

switchport access vlan ?

Actions

This Discussion