I'm pretty new to VPN stuff, and I'm not exactly an expert in cisco IOS, however, I have a 12.3 release of cisco IOS on a 2800 series router (couldn't give you the exact model atm because I'm not at work)
Anyway, as I understand the documentation, when I issue a crypto command, I should get an option for isakmp (which I do not.) I've been able to generate an RSA key for ssh access. if I don't have ISAKMP support, can someone point me to a configuration guide for VPN that doesn't use ISAKMP?
Solved! Go to Solution.
I believed your IOS version does not support IPSec/VPN security features. It could be running on IP or IPPlus only.
Issue the 'show version' command from the router CLI, and check the IOS version
Your IOS Router need to use/run on one of the following categories:
ADVANCED ENTERPRISE SERVICES
ADVANCED IP SERVICES
IP/ADSL/FW/IDS PLUS IPSEC 3DES
IP/ADSL/IPX/AT/IBM/FW/IDS PLUS IPSEC 3DES
Run IOS Upgrade Planner or Feature Navigator to look for the right IOS & required features:
Normally, router IOS supporting IPSec VPN allows you to configure/execute crypto isakmp and crypto ipsec command. If your router does not support isakmp command, you do not have any option to configure it.
You need to load IOS with IPSec feature. Otherwise, you have to use GRE.
Example on routers supporting IPSec VPN:
Thanks for all your help folks. I'll try to look up the stuff on GRE somewhere else (as I don't apparently have access with my account to view it.) However I believe it puts me on the right track.
Hi ..please be aware that by creating a GRE tunnel over the internet WITHOUT the encryption that protocols such as IPsec provides , then the data will traverse the Internet in clear text.
Yes, That could present a problem in the future, however when the data becomes important, I'm sure we'll buy a new image or product. For now, because we do own a couple of licenses for Windows server 2k3, I think I will use their solution. I've been playing with the nat configurations for this without success as of yet. I'll post more info possibly in a new thread.
I did want to mention that the help provided so far has been very good, and has pointed me in the right direction.
I took classes to become a CCNA (without success I might add) now that I'm actually applying what I actually know, I feel far more comfortable with Cisco products than I ever have. Thank you all very much