×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

A simple VPN requirement

Unanswered Question

I would like for someone to confirm that the equipment I have is suitable for creating a simple VPN.

Truth be known - I am beginning to struggle

I have:

ADSL connection with one fixed IP address to the WAN

An 827 ADSL router

A PIX 501

Cisco VPN client software


I would like:

to know how a VPN can be created from my laptop dialling to the Internet to a test LAN behind the PIX.

I want the PIX to be controlling VPN access and not the router

Configurations and diagrams would be most welcome.

I don't have resources to have TACACS and Radius stuff that all the documentation lists ad nauseam....basically if I want a secure but simple VPN solution do I look elsewhere other than Cisco??


regards

Steve

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.

Hi Afaq

Well, I have been trawling the Cisco web site for months, but to no avail for a down to earth explanation of how to make a Cisco VPN clinet dialup to the Internet and connect to a LAN .

As i said I have a PIX501 and also an 827 with IOS to run a VPN on that.

I just want to prove a point that Cisco can provide a VPN connection in this simple fashion, before my 3Com contact arrives with his VPN devices that he says are v simple to configure and makes me an offer to trade off the Cisco gear in return for 3Com.

I fear that there is no where on the Cisco site that actually demonstrates how to configure my simple requirement - have you seen anything that helps?

The route to my happines lies in:

VPN Client --- Internet --- 827 IOS --LAN access

mike-greene Fri, 09/20/2002 - 09:20
User Badges:
  • Bronze, 100 points or more

Where do you want to terminate the vpn tunnel, on the router or the PIX?

Hi!

Definitely on the PIX501 for this scenario.

I want the 827ADSL router to pass thru VPN traffic.

If I can get the solution to work effectively, We will be able to offer this as a fairly cost effective solution to initially at least 6 SMEs who have broadband and whose director's want to be able to work from a home location as opposed to driving in to theie respective offices. SO there is money to be made by both sides here - meaning me and yourselves at Cisco.


To clarify, I have 1 static WAN IP address for the ATM interface on router, and an internal network 10.0.0.0 on the ethernet to the PIX which then by default has a 192.168.1 network on its inside interface.


cheers

Steve

mike-greene Sun, 09/22/2002 - 18:45
User Badges:
  • Bronze, 100 points or more

Hi, Check out these two pages on the Cisco web site. The first one here shows how to pass VPN traffic through a router with another router, PIX or Concentrator behind it using the PAT address off the serial interface. Pay close attention to the IOS releases they are working with here to make sure you are runnning a version that is supported.


http://www.cisco.com/warp/public/471/ios_pat_ipsec_tunnel.html


This second page describes the PIX client to LAN config.


http://www.cisco.com/warp/public/110/pix3000.html


Hope this helps....



HI

Thanks for the sample configs.

I foresee a problem in joinng up the 2.

The PIX 501 has v6.1(4) on it. I have a client running 3.5.1 software (confused! is that this 3000 VPN client??)

Anyway, that client dials in to the internet and its IP address is always unknown to the PIX, because the user always moves about the country for example.

Forget the border router scenario for now, I use a ADSL modem that passes all traffic from the internet to the PIX.

That modem has an ethernet interface to the PIX which is 10.10.10.0 network and then the PIX has a 192.168.1.0 network on the inside.

I have tried the PIX configurations as on the samples but the client never connects to the VPN.

Can I ask, has anyone at Cisco ever done this before?

Sorry for being flippant but it seems that if my customers don't have megabucks to get in VPN concentrators etc etc, then they cannot have a Cisco solution. As I said the UK 3COM is coming week after next armed with OfficeConects and Superstack VPN boxes to show me and my engineers how its to be done easliy and simply - can you actually advise me my next step?

regards

Steve

Actions

This Discussion