cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1946
Views
5
Helpful
6
Replies

Setting up VPN using 1861 behind an Actiontec Router

abknoc
Level 1
Level 1

I need to setup a vpn between our main office and a remote user using his verizon fios internet connection,

he uses this service for both data and TV. Verizon provided him an actiontech MI-424-WR router.

* Can I setup gre/ipsec tunnel behind the actiontec router using a Cisco a 1861 router?

* Will there be any configuration changes done on the actiontec router?

* any caveat?

The router in the main office will have a static external IP.

6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

Gerardo

A customer that I work with has set up lots of VPN connections to remote sites where the remote site is behind a cable network connection including actiontech routers. We are using the 1841 router but I would think that the 1861 would be able to do this without much problem.

As to the specific questions that you ask:

- We use GRE/IPSec tunnels and it works well.

- there should not be any configuration changes on the actiontech router.

- as far as caveats:

+ make sure that the image on the 1861 is the advanced security feature set or the advanced services feature set so that you get support for the encryption needed for VPN.

+ in our implementation we require that the remote site have a fixed IP address which allows each end of the VPN to uniquely specify its peer and allows either end of the VPN to initiate the connection. I assume that your user is getting an address via DHCP from the actiontech. This will mean that your head end will have to accept connection requests from anyone and authenticate to verify that it is an authorized request. And it will mean that the remote must initiate the connection.

If it is a single user at this remote location would it be feasible to set it up as a remote access VPN rather than a site to site VPN and to have the user use the VPN client which would eliminate the requirement for a router at the remote site?

HTH

Rick

HTH

Rick

Rick,

Thank you, your post is very helpful. To answer your questions:

* static ip is not possible, because the remote site is using fios tv.

* the site will have a single user but multiple devices, including a tandberg codec which we'll use for videoconferencing.

Gerardo

I expected that static ip might not be possible in your case. This just means that the head end will not be able to specifically identify the remote peer and must accept connection requests from anyone and use authentication to determine whether this is a legitimate peer.

If there are multiple devices at the remote then a site to site VPN certainly makes sense.

HTH

Rick

HTH

Rick

Thanks again.

Hi,

You might want to implement an Easy VPN Server/Client configuration that is more straight forward than a GRE/IPSEC behind NAT.

This way you don't need to open 0.0.0.0 with crypto isakmp for the preshared key.

Check:

http://cisco.com/en/US/products/hw/routers/ps221/prod_configuration_guide09186a008007cfa7.html

Rate if it helps.

Regards,

Daniel

Thanks, I'll read the material.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: