
Lost in CISCO VPN Land


I am the systems admin for my company. We have need for our external sales reps to access our home network via the internet globally. A couple of months ago, I was reading documentation of Cisco routers and it appeared the 1720 was capable of standalone VPN access. What I mean is the VPN connection could be independent of the physical connection of any ISP. Did I misinterpret this? I have been attempting to configure this router as a termination point for VPN connections without success. I have a good background in networking and have been able to establish VPN connections via NT with PPTP, but this is not my preferred access. I recommended the 1720 to my company for the ability to do L2TP and incorporate the VPN module for faster encryption and decryption, but I am about ready to pull it out. I have been through your website extensively for help as well as the documentation set that came with the router, but to little avail. The version of the IOS is 12.0(3)T. Any ideas as to what I need to do next or what I may be failing to do? If necessary, I can send my configs for evaluation. I wish to start with a simple configuration of just getting the users connected. Thanks for any help!

wdrootz Tue, 02/13/2001 - 14:41

I’m not quite sure what you are trying to encrypt here. If you are trying to encrypt between hosts on your LAN the router will never get the packet. Can you describe your scenario/topology and design plan in detail?

jloyd Thu, 02/15/2001 - 10:00

I'm in the same boat. The available documentation is often contradictory and incomplete. What I want and what I believe you want is the common configuration where users in the field can connect to the internet by any means (a client's LAN or ANY ISP dialup) and VPN into our corporate LAN. Most of the documentation I find is for connecting two routers together with VPN. And this appears to be the only configuration ConfigMaker supports. Additionally, I would like to know if the MS VPN client will work or if I have to buy the Cisco VPN client.

millerv Fri, 02/16/2001 - 12:39

PIX might be a better solution. You want to terminate n number of secure tunnels (l2p pptp..) at one spot. My impression of the 1720 (however twisted) is that it is an edge device.

jfranklin Thu, 03/08/2001 - 15:03

The 1720 will definitely do it. But you have to be careful: the configuration of IPSEC is a complicated process. You will want to use the Cisco VPN Client software to connect back to the router. You will also have to have a routable static IP address on the 1720. One thing to consider is that if you are only connecting to individual "roaming" PCs, then Cisco makes a VPN 3000 concentrator that is much easier to configure for the "roaming" PC user.

Remember IPSEC is not for the faint of heart. There are many considerations that need to be looked at. Sometimes if you have a home user that has a small network behind an analog, ISDN, or DSL router that is doing PAT (one public IP translated from many private IPs) it will not work. Also some brands of SOHO routers will not allow you to support a VPN connection. If every PC is dialing direct to the internet you shouldn't have a problem.

I'll echo that. The software you'll need to set up VPN on that router costs $1400US, and it probably wouldn't hurt to upgrade it to 48MB RAM, another $1000 (List...). Then you have to buy the $200 client license for the client software, we're up to $2600 List.

And the CiscoSecure VPN client is yukky.

The cvpn 3000 lists for $4000.

Pros/cons?

3000 is EASY to set up and to manage

If you have NT in your network, you CAN authenticate against the NT database (you'll want convoluted passwords)

the 3des client software for it is VERY good (and free)

you won't have to fight with it to get it working

doesn't muck up CPU or memory in your router

looks cool

Con: costs a little more
