Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

831 router as Hardware VPN Client to 3000 Concentrator?

We have successfully used a PIX 501 (on a broadband connetion) as a hardware VPN client to our corporate 3000 Concentrator. Our 3000 Concentrator is setup for Radius IPSec Authentication an Remote Access Tunnel Type.

We're trying to get an 831 router to perform the same type of authentication like the PIX 501. Below is 2 lines from our PIX 501 config:

vpnclient vpngroup MYGROUPNAME password ********

vpnclient username MYUSERNAME password ********

It seems like the 831 will not allow this Remote Access Session, only a LAN-to-LAN session. Is this right? Can someone show me a sample of your config with the 831 as a hardware VPN client to the 3000 Concentrator?

Cisco Employee

Re: 831 router as Hardware VPN Client to 3000 Concentrator?

Here's a sample config for you:

The big difference with the PIX and IOS EzVPN configs is that IOS currently can't save the username and password, it has to be manually entered (as shown in the sample config debug) each time you want to bring the tunnel up. The saving of usernames is coming in a later release, but it's not available as yet.

New Member

Re: 831 router as Hardware VPN Client to 3000 Concentrator?

Thanks for the link. Hopefully you (or anyone else) can help me with this. I followed every step, but I still can't a get a VPN connection. When I try "crypto ipsec client ezvpn xauth ", the result I get "EZVPN(FIRMVPN): There are no pending Xauth Requests"

Here is my config:

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption


hostname Router


no logging console


ip subnet-zero

no ip domain lookup

ip name-server


ip dhcp pool DHCP-Pool






ip audit notify log

ip audit po max-events 100

vpdn enable


vpdn-group sbc-pppoe


protocol pppoe

local name DSLUSERNAME







crypto ipsec client ezvpn FIRMVPN

connect auto


local-address Ethernet0

mode client

peer (Concentrator's outside IP)





interface Ethernet0

description Inside Interface

ip address

ip nat inside

crypto ipsec client ezvpn FIRMVPN inside

hold-queue 100 out


interface Ethernet1

description SBC ADSL Interface

no ip address

pppoe enable

pppoe-client dial-pool-number 1

crypto ipsec client ezvpn FIRMVPN


interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username DSLUSERNAME password DSLPASSWORD


ip nat inside source list 1 interface Dialer0 overload

ip classless

ip route Dialer0

ip http server



access-list 1 permit

dialer-list 1 protocol ip permit


line con 0

no modem enable

stopbits 1

line aux 0

stopbits 1

line vty 0 4



scheduler max-task-time 5000



CreatePlease login to create content