VPN3000 to Router IOS using IP negotiated at intf Router

jvulto · ‎10-25-2001

When trying to connect a router which gets its IP address from the provider I dial in to, I want to connect to a VPN3000.

However when configuring LAN-to-LAN the VPN3000 expects me to have a fixed IP address at the router.

It uses this IP address as group name as it seems. With my IP address changing every time I dial in this is not a working solution as the VPN3000 doesn't find the group.

Now the other option could be to configure Remote-access client at the VPN3000 allowing the Router to connect. The router in that case should act as a VPN client but WITH using a Group parameter.

Does anyone know how to overcome the fact that the IOS router is NOT capable of using the Group value?

smalkeric · ‎11-01-2001

Its sounds like you need a mode config sample. Try this http://www.cisco.com/warp/public/707/25.shtml

HEATH FREEL · ‎11-01-2001

I haven't tried it myself but would this link help. It sounds like the same scenerio.

http://www.cisco.com/warp/public/471/vpn3k_iosdhcp.html

jvulto · ‎11-02-2001

Thanks for this link!

I think that it is prety new because it was not there the time I tried to find a solution. However at that time a TAC engineer was already telling me this one.

I upgraded to 3.1.1 in where you can configure a base-group with a preshared key. This one will be used now for the routers trying to dial-in retrieving the address from a provider.

This is also to overcome the 'not knowing what a group is' of the IOS.

Tested it and it works!

One drawback there... All the routers will have to have to use the same preshared key now...

Finally I received some information that the IOS in it's roadmap (not official!) has a full Unity client compatibility. In that case you can distinguise the different routers through different configured groups and a preshared key per group.

That would be (to me) the nicest solution for this.

Again, thank you all.