Easy VPN with 881G

Unanswered Question
Apr 8th, 2010

Hi All,

I have 881G router and wireless internet connection will be activate with 3G.
Now I have to establish the communication between this new site to our DC.
But there is no any static public IP.

Can some one have any ideas how can achive this.

My manager said, we can make easy VPN with 881G behind DSL (without public static IP). And also we can do dynamic DNS.

This is first time I am hearing. Experts can anyone help me with easy VPN and dynamic DNS please

Regards,

Naidu.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Thu, 04/08/2010 - 03:29

Hello Naidu,

>> But there is no any static public IP.

A dynamic crypto map can be used for this with IPSec

! shared key between dynamic peers

crypto isakmp key !xxxyyhdddw! address 0.0.0.0 0.0.0.0

crypto dynamic-map VPN_DYN 10
set transform-set 3DES
match address 133
reverse-route
crypto dynamic-map VPN_DYN 20
description --- Dir. XX---
set transform-set 3DES
match address 146
reverse-route
crypto dynamic-map VPN_DYN 30
description --- Dir. YY---
set transform-set AES256
match address 117
reverse-route

the dynamic crypto map can be made of multiple blocks as shown above and then is invoked as last block in a regular crypto map:

! last block of peers with static IP address

crypto map VPN_MAP 1160 ipsec-isakmp
description --- Screening 2010 ---
set peer X.Y.146.105
set transform-set AES128
match address 121
reverse-route

! dynamic crypto invoked as last block
crypto map VPN_MAP 65000 ipsec-isakmp dynamic VPN_DYN
!

Hope to help

Giuseppe

Rate useful posts to help Haiti

Latchum Naidu Thu, 04/08/2010 - 03:49

Hi Giuseppe,

Thanks for your response.

Shall I put the below configuration on 881G?

The other end at DC we have ASA5520.

Can you please explain me briefly how it will work as I am entirely new to this.

Regards,

Naidu.

Giuseppe Larosa Thu, 04/08/2010 - 04:42

Hello Naidu,

sorry for confusion:

the config template is for the central site device

the 881G can use a static crypto map because public ip address of HQ device is fixed (key point)

note: this is not an Easy VPN configuration but a normal IPSec configuration where dynamic crypto map is used on HQ site to support peers with dynamic public IP address.

The configuration I've reported is in production on our network and allows to support multiple peers with dynamic IP address

Compare this with Easy VPN config examples that have been provided by Lei.

For Easy VPN between an ASA and a router you can also look at the config example

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080809222.shtml

Hope to help

Giuseppe

Rate useful posts to help Haiti

Latchum Naidu Fri, 04/09/2010 - 02:38

Hi Giuseppe,

I will follow this configuration and see how it will work and let you know the status.

Once again thank you so much for your guide.

Regards,

Naidu.

Actions

This Discussion