We have 3 shops; the 2 branches connect to the main one by VPN for the POS system. At the main shop we have a DI808H router and a DSL-302G ADSL modem. They are working OK, but the DSL-302G is not so stable and sometimes drops the internet connection. So we bought this Cisco 857 as a replacement for the modem, but I cannot get the VPN working. Can someone here help me?
Yes, it can connect to the internet from the 857, even from behind the DI808H, without problem. It looks like the NAT configuration is working. I'm not sure if an IP for the DI808 in the DMZ can solve my problem or not, and I don't know how to configure an IP in the DMZ on the 857.
I cannot reach the 857 at this minute, will send you the config later.
Thanks again for your help, I appreciate your time.
Am I understanding correctly that the VPN is IPSEC from the POS device itself, using the built-in Windows or Linux IPSEC support (rather than using IPSEC on the router)?
Also, does the router NAT the internal network behind a single internet IP?
Most off-the-shelf ADSL routers designed for home and small office use (like D-Link) autodetect devices on the internal network using IPSEC and modify their behaviour accordingly in the above scenario.
I'm assuming that on C857 you have configured NAT overload to hide your internal network behind a single IP on the internet. This has the effect of creating a dynamic NAT entry each time you initiate a connection from the inside network towards the internet, but this does not happen in the opposite direction.
The router would have no idea where to send unsolicited inbound IPSEC traffic, so to get IPSEC VPN to work you need to add additional NAT configuration to send all inbound VPN related traffic sent to your public IP (ISAKMP, AH and ESP) to your POS device's internal IP.
Another option is to move the IPSEC to the router (assuming it has an IPSEC IOS image).
Please let me know if I misunderstood your setup, or if this is not clear... I'm not sure I explained it very well.
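
The NAT arrangement described in the reply above, written out as an IOS configuration sketch (an added example, not a config posted by anyone in the thread). The interface names `Dialer0` and `Vlan1`, ACL 1, the `192.168.1.0/24` inside network and the VPN endpoint address `192.168.1.2` are constructed placeholders; the UDP 4500 entry is an addition for NAT traversal, and only ISAKMP and ESP are covered.

```cisco
! Assumed interfaces: Vlan1 = inside LAN, Dialer0 = outside ADSL link.
interface Vlan1
 ip nat inside
!
interface Dialer0
 ip nat outside
!
! NAT overload (PAT): hides the inside network behind the single public IP.
! Translations are created only when an inside host initiates a connection,
! so unsolicited inbound packets match nothing and are dropped.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload
!
! Static entries give inbound VPN traffic a fixed inside destination.
! 192.168.1.2 is a placeholder for the internal VPN endpoint.
!
! ISAKMP (IKE) on UDP 500
ip nat inside source static udp 192.168.1.2 500 interface Dialer0 500
! IPsec NAT traversal on UDP 4500 (added here; not mentioned in the thread)
ip nat inside source static udp 192.168.1.2 4500 interface Dialer0 4500
! ESP (IP protocol 50)
ip nat inside source static esp 192.168.1.2 interface Dialer0
```

After applying it, `show ip nat translations` should list the static entries even when no tunnel is up, which distinguishes them from the dynamic overload entries that appear only after outbound traffic.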
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: