Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

Creating L2L Tunnel to IOS Endpoint

Hey All,

Quick questions. I've been reviewing the guides on Cisco and have yet to find an example of what I'm looking for. The scenario is that there will be a client device that uses DHCP on the WAN side. This device can authenticate using IPSec to a VPN termination device. On our hub end we want to use a Cisco IOS router to terminate the connection. My question is that this will not be exactly a L2L tunnel, the endpoint has a configuration to build in a username to authenticate with. So it appears the tunnel with authenticate using a username a pre-shared key, rather than PSK and configured remote IP address (since this is DHCP). I've found an example of this on Cisco here: http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800ae459.shtml. Unfortunately the example is from an IOS DHCP endpoint to a 3000-series concentrator. Anyone have a config example of what I'm looking for?

-Mike

http://cs-mars.blogspot.com

5 REPLIES
Cisco Employee

Re: Creating L2L Tunnel to IOS Endpoint

Mike,

When you say client device. Is it like a router or is it a PC.

If it is a PC, take a look at this link

Link:1

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml

If it is a device like a router or so, you need to configure the router just like one in the link given above

Link2:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800945cf.shtml

But the server part is like Link 1.

Hope this helps.

Here is a good link for configuration of VPN on Cisco devices.

http://www.cisco.com/en/US/partner/tech/tk583/tk372/tech_configuration_examples_list.html

Rate this post, if it helps.

Thanks

Gilbert

Bronze

Re: Creating L2L Tunnel to IOS Endpoint

Gilbert,

I'll go through the docs above. Thanks for the links. The client device is a junxion cellular endpoint (www.junxion.com). Says it's compatible with Cisco VPN endpoint, but I see no configuration guidelines. I'm going to throw it in the lab today and play with it. Check out the VPN configuration at the above link to see if you can get a better idea of what the Junxion is looking for.

-Mike

http://cs-mars.blogspot.com

Cisco Employee

Re: Creating L2L Tunnel to IOS Endpoint

Mike,

Is this device capable of creating an IPSec Lan to Lan connection. If so, then you might want to do that. I do not know if this device will be capable of doing a Hardware Client IPSec tunnel.

Hardware Client IPSec tunnel which is also called as EzVPN tunnel.

Cheers,

Gilbert

Bronze

Re: Creating L2L Tunnel to IOS Endpoint

Gilbert,

Looks li ke it will only do client-based VPN connectivity. In the lab I have the endpoint talking to the IOS router. I created a JUNXION group with a pre-shared key. When I look in the logs I see the client attempt a connect, but it does match with the JUNXION group. Is there a way to make this group the default group (or create a new one)? I know this can be done on the concentrator.

-Mike

Cisco Employee

Re: Creating L2L Tunnel to IOS Endpoint

Mike,

Can you send me the config of the router please.

To answer your question, yes you can have a group by the name of JUNXION on the Cisco IOS router with pre-shared key.

Let me know.

Cheers,

Gilbert

103
Views
20
Helpful
5
Replies
CreatePlease to create content