7200 as VPN Concentrator

Unanswered Question
Feb 7th, 2012
User Badges:


I have a 7206 as my MPLS PE.

I want to setup a remote ipsec vpn access to this and map to one of the mpls vpn/vrfs.

I will use a cisco vpn client on the remote site.

What is the minimum IOS for 7200 to run IPSEC. I find the old 12.2(31) SB16 dont have "crypto" configurations.

Also any documentation how i can configured the 7200 to match with the cisco vpn client software?

I'm trying to explore the vrf-aware ipsec but Im not sure it this will work with the cisco vpn client.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
paolo bevilacqua Tue, 02/07/2012 - 05:23
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

First of all you should consider buying a crypto module for your router, otherwise it will not really work or perform very well.

ar Tue, 02/14/2012 - 23:55
User Badges:

Yeah I will include the module accelerator.

I'm concerned more of how to configure the 7200 as VPN concentrator for remote sites (dial-up with unknown public ip).

Also would like to use SSL.

Remote site will either use cisco or microsoft vpn clients....

Any good documentation for this?

paolo bevilacqua Fri, 02/17/2012 - 03:16
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    Founding Member

Plenty, and just a search click away

Come back anytime if you have specific questions...

ar Fri, 02/17/2012 - 07:31
User Badges:

yeah many.

Though I havent seen a solid document for vrf-aware ipsec combining dynamic-maps at static crypto peers.

I managed to test site-to-site and its working. I tested IPSEC to MPLS VPN connection.

Now I want to test dynamic-maps where the VPN concentrator will set peer as

It's not working on my tests.

Any good docs for combining dynamic/static maps in one interface crypto-map?


This Discussion