Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
315
Views
0
Helpful
2
Replies

831 router as Hardware VPN Client to 3000 Concentrator?

orebollido
Level 1
Level 1

‎07-08-2003 02:32 PM - edited ‎02-21-2020 12:39 PM

We have successfully used a PIX 501 (on a broadband connetion) as a hardware VPN client to our corporate 3000 Concentrator. Our 3000 Concentrator is setup for Radius IPSec Authentication an Remote Access Tunnel Type.

We're trying to get an 831 router to perform the same type of authentication like the PIX 501. Below is 2 lines from our PIX 501 config:

vpnclient vpngroup MYGROUPNAME password ********

vpnclient username MYUSERNAME password ********

It seems like the 831 will not allow this Remote Access Session, only a LAN-to-LAN session. Is this right? Can someone show me a sample of your config with the 831 as a hardware VPN client to the 3000 Concentrator?

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎07-08-2003 10:35 PM

Here's a sample config for you:

http://www.cisco.com/warp/public/471/vpn_ios_ezvpn.html

The big difference with the PIX and IOS EzVPN configs is that IOS currently can't save the username and password, it has to be manually entered (as shown in the sample config debug) each time you want to bring the tunnel up. The saving of usernames is coming in a later release, but it's not available as yet.

0 Helpful

orebollido
Level 1
Level 1
In response to gfullage

‎07-10-2003 07:38 AM

Thanks for the link. Hopefully you (or anyone else) can help me with this. I followed every step, but I still can't a get a VPN connection. When I try "crypto ipsec client ezvpn xauth ", the result I get "EZVPN(FIRMVPN): There are no pending Xauth Requests"

Here is my config:

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router

!

no logging console

!

ip subnet-zero

no ip domain lookup

ip name-server 206.13.28.12

!

ip dhcp pool DHCP-Pool

network 10.10.10.0 255.255.255.0

domain-name firmdomain.com

dns-server 206.13.28.12

default-router 10.10.10.1

!

ip audit notify log

ip audit po max-events 100

vpdn enable

!

vpdn-group sbc-pppoe

request-dialin

protocol pppoe

local name DSLUSERNAME

!

!

!

!

!

!

crypto ipsec client ezvpn FIRMVPN

connect auto

group GROUPNAME key GROUPPASSWORD

local-address Ethernet0

mode client

peer xxx.xxx.xxx.xxx (Concentrator's outside IP)

!

!

!

!

interface Ethernet0

description Inside Interface

ip address 10.10.10.1 255.255.255.0

ip nat inside

crypto ipsec client ezvpn FIRMVPN inside

hold-queue 100 out

!

interface Ethernet1

description SBC ADSL Interface

no ip address

pppoe enable

pppoe-client dial-pool-number 1

crypto ipsec client ezvpn FIRMVPN

!

interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username DSLUSERNAME password DSLPASSWORD

!

ip nat inside source list 1 interface Dialer0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

ip http server

!

!

access-list 1 permit 10.0.0.0 0.255.255.255

dialer-list 1 protocol ip permit

!

line con 0

no modem enable

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

scheduler max-task-time 5000

end

Router#

0 Helpful
Customers Also Viewed These Support Documents