cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
376
Views
4
Helpful
6
Replies

A simple VPN requirement

steve
Level 1
Level 1

I would like for someone to confirm that the equipment I have is suitable for creating a simple VPN.

Truth be known - I am beginning to struggle

I have:

ADSL connection with one fixed IP address to the WAN

An 827 ADSL router

A PIX 501

Cisco VPN client software

I would like:

to know how a VPN can be created from my laptop dialling to the Internet to a test LAN behind the PIX.

I want the PIX to be controlling VPN access and not the router

Configurations and diagrams would be most welcome.

I don't have resources to have TACACS and Radius stuff that all the documentation lists ad nauseam....basically if I want a secure but simple VPN solution do I look elsewhere other than Cisco??

regards

Steve

6 Replies 6

afakhan
Level 4
Level 4

Hi,

go to

http://www.cisco.com/warp/public/707/index.shtml#pix

and look for PIX and IPSec configurations, you can find tons of info. there for your ipsec config. on PIX.

Thanks

Afaq

Hi Afaq

Well, I have been trawling the Cisco web site for months, but to no avail for a down to earth explanation of how to make a Cisco VPN clinet dialup to the Internet and connect to a LAN .

As i said I have a PIX501 and also an 827 with IOS to run a VPN on that.

I just want to prove a point that Cisco can provide a VPN connection in this simple fashion, before my 3Com contact arrives with his VPN devices that he says are v simple to configure and makes me an offer to trade off the Cisco gear in return for 3Com.

I fear that there is no where on the Cisco site that actually demonstrates how to configure my simple requirement - have you seen anything that helps?

The route to my happines lies in:

VPN Client --- Internet --- 827 IOS --LAN access

Where do you want to terminate the vpn tunnel, on the router or the PIX?

Hi!

Definitely on the PIX501 for this scenario.

I want the 827ADSL router to pass thru VPN traffic.

If I can get the solution to work effectively, We will be able to offer this as a fairly cost effective solution to initially at least 6 SMEs who have broadband and whose director's want to be able to work from a home location as opposed to driving in to theie respective offices. SO there is money to be made by both sides here - meaning me and yourselves at Cisco.

To clarify, I have 1 static WAN IP address for the ATM interface on router, and an internal network 10.0.0.0 on the ethernet to the PIX which then by default has a 192.168.1 network on its inside interface.

cheers

Steve

Hi, Check out these two pages on the Cisco web site. The first one here shows how to pass VPN traffic through a router with another router, PIX or Concentrator behind it using the PAT address off the serial interface. Pay close attention to the IOS releases they are working with here to make sure you are runnning a version that is supported.

http://www.cisco.com/warp/public/471/ios_pat_ipsec_tunnel.html

This second page describes the PIX client to LAN config.

http://www.cisco.com/warp/public/110/pix3000.html

Hope this helps....

HI

Thanks for the sample configs.

I foresee a problem in joinng up the 2.

The PIX 501 has v6.1(4) on it. I have a client running 3.5.1 software (confused! is that this 3000 VPN client??)

Anyway, that client dials in to the internet and its IP address is always unknown to the PIX, because the user always moves about the country for example.

Forget the border router scenario for now, I use a ADSL modem that passes all traffic from the internet to the PIX.

That modem has an ethernet interface to the PIX which is 10.10.10.0 network and then the PIX has a 192.168.1.0 network on the inside.

I have tried the PIX configurations as on the samples but the client never connects to the VPN.

Can I ask, has anyone at Cisco ever done this before?

Sorry for being flippant but it seems that if my customers don't have megabucks to get in VPN concentrators etc etc, then they cannot have a Cisco solution. As I said the UK 3COM is coming week after next armed with OfficeConects and Superstack VPN boxes to show me and my engineers how its to be done easliy and simply - can you actually advise me my next step?

regards

Steve

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: