10-25-2001 08:37 AM - edited 03-08-2019 08:56 PM
When trying to connect a router which gets its IP address from the provider I dial in to, I want to connect to a VPN3000.
However when configuring LAN-to-LAN the VPN3000 expects me to have a fixed IP address at the router.
It uses this IP address as group name as it seems. With my IP address changing every time I dial in this is not a working solution as the VPN3000 doesn't find the group.
Now the other option could be to configure Remote-access client at the VPN3000 allowing the Router to connect. The router in that case should act as a VPN client but WITH using a Group parameter.
Does anyone know how to overcome the fact that the IOS router is NOT capable of using the Group value?
11-01-2001 06:47 AM
Its sounds like you need a mode config sample. Try this http://www.cisco.com/warp/public/707/25.shtml
11-01-2001 10:40 AM
I haven't tried it myself but would this link help. It sounds like the same scenerio.
11-02-2001 01:15 AM
Thanks for this link!
I think that it is prety new because it was not there the time I tried to find a solution. However at that time a TAC engineer was already telling me this one.
I upgraded to 3.1.1 in where you can configure a base-group with a preshared key. This one will be used now for the routers trying to dial-in retrieving the address from a provider.
This is also to overcome the 'not knowing what a group is' of the IOS.
Tested it and it works!
One drawback there... All the routers will have to have to use the same preshared key now...
Finally I received some information that the IOS in it's roadmap (not official!) has a full Unity client compatibility. In that case you can distinguise the different routers through different configured groups and a preshared key per group.
That would be (to me) the nicest solution for this.
Again, thank you all.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide