Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

831 router as Hardware VPN Client to 3000 Concentrator?

We have successfully used a PIX 501 (on a broadband connetion) as a hardware VPN client to our corporate 3000 Concentrator. Our 3000 Concentrator is setup for Radius IPSec Authentication an Remote Access Tunnel Type.

We're trying to get an 831 router to perform the same type of authentication like the PIX 501. Below is 2 lines from our PIX 501 config:

vpnclient vpngroup MYGROUPNAME password ********

vpnclient username MYUSERNAME password ********

It seems like the 831 will not allow this Remote Access Session, only a LAN-to-LAN session. Is this right? Can someone show me a sample of your config with the 831 as a hardware VPN client to the 3000 Concentrator?

2 REPLIES
Cisco Employee

Re: 831 router as Hardware VPN Client to 3000 Concentrator?

Here's a sample config for you:

http://www.cisco.com/warp/public/471/vpn_ios_ezvpn.html

The big difference with the PIX and IOS EzVPN configs is that IOS currently can't save the username and password, it has to be manually entered (as shown in the sample config debug) each time you want to bring the tunnel up. The saving of usernames is coming in a later release, but it's not available as yet.

New Member

Re: 831 router as Hardware VPN Client to 3000 Concentrator?

Thanks for the link. Hopefully you (or anyone else) can help me with this. I followed every step, but I still can't a get a VPN connection. When I try "crypto ipsec client ezvpn xauth ", the result I get "EZVPN(FIRMVPN): There are no pending Xauth Requests"

Here is my config:

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router

!

no logging console

!

ip subnet-zero

no ip domain lookup

ip name-server 206.13.28.12

!

ip dhcp pool DHCP-Pool

network 10.10.10.0 255.255.255.0

domain-name firmdomain.com

dns-server 206.13.28.12

default-router 10.10.10.1

!

ip audit notify log

ip audit po max-events 100

vpdn enable

!

vpdn-group sbc-pppoe

request-dialin

protocol pppoe

local name DSLUSERNAME

!

!

!

!

!

!

crypto ipsec client ezvpn FIRMVPN

connect auto

group GROUPNAME key GROUPPASSWORD

local-address Ethernet0

mode client

peer xxx.xxx.xxx.xxx (Concentrator's outside IP)

!

!

!

!

interface Ethernet0

description Inside Interface

ip address 10.10.10.1 255.255.255.0

ip nat inside

crypto ipsec client ezvpn FIRMVPN inside

hold-queue 100 out

!

interface Ethernet1

description SBC ADSL Interface

no ip address

pppoe enable

pppoe-client dial-pool-number 1

crypto ipsec client ezvpn FIRMVPN

!

interface Dialer0

ip address negotiated

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username DSLUSERNAME password DSLPASSWORD

!

ip nat inside source list 1 interface Dialer0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

ip http server

!

!

access-list 1 permit 10.0.0.0 0.255.255.255

dialer-list 1 protocol ip permit

!

line con 0

no modem enable

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

scheduler max-task-time 5000

end

Router#

146
Views
0
Helpful
2
Replies
CreatePlease login to create content