Cisco 887 Router and VPN

Answered Question
Feb 11th, 2011

Hi,

I've just bought a Cisco 887 Router and i've deployed it to replace my client's exisiting ADSL router. I've configured it using Cisco CP, and it's working properly. I'm trying to setup the router for VPN connectivity, so that the users who use laptops can work from outside our office. I've gone through the wizard to setup an Easy VPN Server for client access and I've setup the Pre-Shared Key and IP Range. I was trying to download the Easy VPN client the site says I need some sort of agreement to be added to our exisiting partnership account. I was able to find download links after some googling, but none of the clients, during connection setup ask for a Pre-Shared Key. So I know I'm going wrong somewhere.

I'm a newbie at this, so any kind of help would be really appreciated.

Thanks,

Arun

I have this problem too.
0 votes
Correct Answer by mayrojas about 3 years 2 months ago

Hi Arun,

Yes you need the cisco VPN Client in order to connect right?  When you click on New, a lot of fields display

Connection Entry

Description

And Host

The first two can be whatever you want, the Host has to be the IP of the router where the clients are going to connect.

Check where it says Group Authentication. Where it says Name go ahead and put the group name that you create for your EZVpn. Where it says password, thats where you use the pre-shared key.

Once you have those fileds done, you will be able to connect.

Hope it helps.

Mike

Correct Answer by coto.fusionet about 3 years 2 months ago

Arun,

You need to have a valid CCO account with download rights to get the VPN client.

If you already have the client you need to set the group name and password (pre-shared key) to connect.

Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 4.8 (5 ratings)
Correct Answer
coto.fusionet Sat, 02/12/2011 - 07:17

Arun,

You need to have a valid CCO account with download rights to get the VPN client.

If you already have the client you need to set the group name and password (pre-shared key) to connect.

Federico.

Correct Answer
mayrojas Sat, 02/12/2011 - 07:25

Hi Arun,

Yes you need the cisco VPN Client in order to connect right?  When you click on New, a lot of fields display

Connection Entry

Description

And Host

The first two can be whatever you want, the Host has to be the IP of the router where the clients are going to connect.

Check where it says Group Authentication. Where it says Name go ahead and put the group name that you create for your EZVpn. Where it says password, thats where you use the pre-shared key.

Once you have those fileds done, you will be able to connect.

Hope it helps.

Mike

omnitechsys Wed, 02/16/2011 - 00:33

Thank you for the replies.

I was able to configure the client using the settings suggested.

For any other newbie who might be facing this issue like me,  I would like to note down the steps:

I'm setting up a Cisco 887 ISR where the internet facing interface is ADSL and this router is the main router for the LAN

Configure the Easy VPN server using Cisco Configuration Professional

1.Create a Loopback interface with IP address 10.10.10.10

2. Configure a Group Name along with a Pre-Shared Key.

3. I'm using a local user database for authentication by enabling AAA logins, so the user authentication is taken care of by the router.

for those who want to configure domain authentication, here's a link a found, but haven't tried yet.

http://www.blindhog.net/cisco-aaa-login-authentication-with-radius-ms-ias/

4. Setup an IP range in your network which is not under the common DHCP pool for your vpn clients

I was facing a problem with getting a VPN client for this setup, because my CCO login doesnt have a technical agreement attached to it, and I couldn't find any pointers as to how i can add it.

So I googled and found a few links where I could download it from

http://helpdesk.ugent.be/vpn/en/akkoord.php

But this VPN client could only be installed on 32 bit systems, except for the AnyConnect client , but that supports only SSL connections, for which I would have to purchase individual user licenses.

One option to install the 32 bit client on a 64 bit Windows 7 system , was to run the client in XP mode, and then do a NAT to the host computer. A little complicated but, apparently it works!

http://blogs.nil.com/blog/2009/05/28/64-bit-windows-7-cisco-vpn-client-and-xp-mode-part-2/

After some more googling, I found that Cisco did release a 64 bit VPN client , even though it was in beta.

I'm sorry that I'm not able to paste the link for this client, because when I looked for the download link now, it's been taken offline. I tried to find it again, but all I could find were torrents. They should work too, but I haven't tried them.

The version number for this client is Cisco VPN Client 5.0.07.0290 x64

Once the client is running, you can configure the connection by giving your group name as Name and the Pre-Shared Key as your password.

Once the router has connected, you will be asked for your user login. This is where the user database comes in.

Once you put in the correct user details, you're logged in!

Hope this helps anyone who finds this.

And once again thanks to everyone for their support.

Arun Raveendran

mayrojas Fri, 02/18/2011 - 20:43

Arun,

Thank you so much for taking your time in order to provide this detailed documentation. This is more important than you just posting this as resolved, but to have other people to use this post as a reference with your detailed explanation is really what we are looking for.

Cheers

Mike

Actions

Login or Register to take actions

This Discussion

Posted February 11, 2011 at 9:26 PM
Stats:
Replies:5 Avg. Rating:4.83333
Views:4133 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard