Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco 857 connect DLink DI808H to internet

Hello Netpro, could you here help me out?

We have 3 shops, the 2 branches connect to the main one by VPN on the POS system. At the main shop we have DI808H router and DSL-302G ADSL modem. They are working ok, but DSL-302G not so stable, sometimes drops off internet connection. So we bought this Cisco 857 for replacement of the modem, but I cannot make the VPN working. Can someone here help me?

Kind regards,

Jason

3 REPLIES
New Member

Re: Cisco 857 connect DLink DI808H to internet

Can you provide your configs and any kind of vpn debug output? Are you able to connect to the internet using the 857?

New Member

Re: Cisco 857 connect DLink DI808H to internet

Hi Mgaysek, thanks for your reply.

Yes, it can connect to internet from 857 even from behind DI808H without problem. Looks NAT configuration working. Not sure if IP for DI808 in DMZ can solve my problem or not, and I don't know how to configure an ip in DMZ on 857.

I cannot reach the 857 at this minute, will send you the config later.

Thanks again for your help, i appreciate your time.

Jason

New Member

Re: Cisco 857 connect DLink DI808H to internet

Am I understanding correctly that the VPN is IPSEC from the POS device itself using the built in Windows or Linux IPSEC support (Rather than using IPSEC on the router) ?

Also, does the router NAT the internal network behind a single internet IP ?

Most off the shelf ADSL routers designed for home and small office use (like DLINK) autodetect devices on the internal network using IPSEC and modify their behaviour accordingly in the above scenario.

I'm assuming that on C857 you have configured NAT overload to hide your internal network behind a single IP on the internet. This has the effect of creating a dynamic NAT entry each time you initiate a connection from the inside network towards the internet, but this does not happen in the opposite direction.

The router would have no idea where to send unsolicited inbound IPSEC traffic, so to get IPSEC VPN to work you need to add additional NAT configuration to send all inbound VPN related traffic sent to your public IP (ISAKMP, AH and ESP) to your POS device's internal IP.

Another option is to move the IPSEC to the router (assuming it has an IPSEC IOS image).

Please let me know if I misunderstood your setup, or this is not clear... I'm not sure I explained it very well.

207
Views
0
Helpful
3
Replies
CreatePlease to create content