Cisco Support Community

New Member

VPN on 877w router - Where to start

Hi all,

I am very new to Cisco and hope you could give some advice. Our office uses a Cisco 877W via an ADSL2+ connection. Wireless, DHCP and firewall are working OK. We have a Windows 2003 Server as a file server. The boss wants to VPN from home to access the files. I have used SDM to try to set up VPN, then used VPN Client to test from home, but it didn't work. My questions are:

1. I believe the 877w router supports Easy VPN server. Do I need to set the Windows 2003 Server as a VPN server?

2. Is there a step-by-step official instruction to do this? I read the manual but I don't know how to customise those instructions for our case.

3. There is a D-link at the other side (i.e. at home). Do I need to set up port-forwarding or anything like that?

Thank you,

Triet

17 REPLIES
New Member

Re: VPN on 877w router - Where to start

Here is the current config. Thanks.

New Member

Re: VPN on 877w router - Where to start

Greetings Triet,

First of all, you need to have a Static IP on your ADSL connection to create a VPN.

Second, it would be a good idea to configure VPN on the Cisco router rather than on Windows Server, because you need to know a hell of a lot of details about port forwarding, which is as tricky as configuring VPN on the router.

Third, look at the below link for instructions on how to configure Cisco Router as VPN server:

http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a00806ad10e.shtml

D-Link at your boss's home should work fine, let me know.

Also, don't forget to rate this post if you find it helpful....

Cheers,

Haroon

New Member

Re: VPN on 877w router - Where to start

Thank you Haroon,

I have followed the instructions, and the connection seems to be working fine. I can get an IP address from the VPN server, and I can ping the router IP addresses (both internal and external-WAN address). Other than that, I can't do anything else. Please find the statistics window attached.

I tried the following:

- ping to a server in the office - FAIL

- ping www.cisco.com - FAIL

- ping to an external DNS - FAIL

- ipconfig /all shows that DHCP is disabled in the Cisco VPN Adapter

- the number of encrypted packets is much higher compared to the decrypted. When I continuously ping the router IP, the number of decrypted gets higher.

Could you please give some advice?

Thank you,

Triet

New Member

Re: VPN on 877w router - Where to start

Can you post the config?

Also, please copy the config from the console window and post it. Because the config copied from the router's memory is not readable properly.

New Member

Re: VPN on 877w router - Where to start

Thank you for your prompt reply. Please find the config attached. I used SDM to setup VPN twice, so there may be some duplication.

Triet

New Member

Re: VPN on 877w router - Where to start

Enter the following commands and check it out:

config terminal

no access-list 100

access-list 100 remark Access list for NAT Traffic

access-list 100 deny ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255

access-list 100 permit ip any any

no ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload

ip nat inside source list 100 interface Dialer0 overload

This should prevent traffic between VPN clients and internal LAN from NATing.

Also, make sure the default gateway of internal LAN systems is set to 10.1.1.254 (internal ip of router)

* Rate this post if it helps
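An added example, not part of the original post or the router's config: a small first-match evaluator for access-list 100 as posted above, showing which flows the NAT rule translates and which it leaves alone so that replies to VPN clients keep their 10.1.1.x source address. The host addresses 10.1.1.10, 198.51.100.7 and 10.1.3.5 are constructed for illustration.

```python
import ipaddress

# ACL 100 from the post, as (action, src, src_wildcard, dst, dst_wildcard).
# "any" is represented as 0.0.0.0 with wildcard 255.255.255.255.
ACL_100 = [
    ("deny",   "10.1.1.0", "0.0.0.255", "10.1.2.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

def _wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_action(acl, src, dst):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, s, sw, d, dw in acl:
        if _wild_match(src, s, sw) and _wild_match(dst, d, dw):
            return action
    return "deny"

def nat_decision(acl, src, dst):
    """With 'ip nat inside source list <acl> ... overload', only packets the
    ACL permits are translated; denied packets are routed untranslated."""
    return "translate" if acl_action(acl, src, dst) == "permit" else "no-nat"

# Constructed sample flows (hosts are made up; subnets are the thread's).
FLOWS = [
    ("10.1.1.10", "10.1.2.5"),      # LAN server replying to a VPN pool address
    ("10.1.1.10", "198.51.100.7"),  # LAN host going out to the Internet
    ("10.1.1.10", "10.1.3.5"),      # just outside the VPN pool: still NATed
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src:>12} -> {dst:<14} {nat_decision(ACL_100, src, dst)}")
```

The order of the two entries matters: with the permit line first, every packet would match it and the deny for the VPN pool would never be reached.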

New Member

Re: VPN on 877w router - Where to start

Thank you, Haroon.

I have made the changes but I have to go home to test it out. By the way, can I stay inside the LAN and VPN back into itself? If it is possible, I can test it out now. I use Cisco VPN Client to connect, it says "Contacting the security gateway at xx.xx.xx.xx...." then disconnects. While at home, it is ok.

You are right about the default gateway, when I did ipconfig, the default gateway and the IP address (assigned by VPN server) were the same. I don't know where I can change it. Also if the PC address is in 10.1.2.x subnet, will it accept the default gateway of 10.1.1.254?

Thank you.

Triet

New Member

Re: VPN on 877w router - Where to start

I think you might have to go home and check it out.

But you don't have to change anything on VPN client. You have to change the default ip address of the clients behind the router (at office) to 10.1.1.254 (I believe they are wireless users).

Regarding VPN clients, your ip address and default gateway will be the same after you connect to VPN server. That is correct.

New Member

Re: VPN on 877w router - Where to start

I will let you know as soon as I try it.

Yes, I have checked default gateway in the clients at the office, they are all 10.1.1.254.

Thanks again,

Triet

New Member

Re: VPN on 877w router - Where to start

Hi Haroon,

The problem is still there. I can connect to the VPN Server (i.e. router) but I can not do anything else, neither surf the net nor connect to the file server. What do you think I should try please? Thank you.

Triet

New Member

Re: VPN on 877w router - Where to start

Can you post the full config again?

New Member

Re: VPN on 877w router - Where to start

Here it is. I hope I did the right things :)

Thank you,

Triet

New Member

Re: VPN on 877w router - Where to start

Hey,

I have attached the configuration file.

Black Text - Don't change

Red Text - Remove the config lines

Blue Text - Remove them temporarily

And try the vpn configuration again using SDM

Make sure you configure with below settings:

VPN pool: 10.1.2.1 - 10.1.2.254

Local LAN: 10.1.1.0/24

You might also need to set your nat statements as:

ip nat inside source list 100 interface Dialer0 overload

access-list 100 remark Access list for NAT Traffic

access-list 100 deny ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255

access-list 100 permit ip any any

* Please rate this post if it's helpful

New Member

Re: VPN on 877w router - Where to start

Sorry, missed the config file.

New Member

Re: VPN on 877w router - Where to start

Hi Haroon,

Sorry for the late reply, I was busy because our office installs a VoIP system.

I have made the changes for the VPN as instructed. I can now access local resources (SDM, file sharing and applications on server). However the Internet access does not work. When I ping, it only resolves from name to IP address and times out.

When copying the config to post here, the command "copy run tftp" did not work, it times out. I think one of the ACL prevents it.

Another question: can I ping from Cisco CLI? I issued ping command to a local IP and an Internet IP, none works.

Geez, it is getting weirder :(

Thank you for your help.

Triet

New Member

Re: VPN on 877w router - Where to start

Hi Haroon,

Everything is working well now. I did not change anything in the router, maybe the firewall in my laptop blocks it.

Thank you for your help.

Triet

New Member

Re: VPN on 877w router - Where to start

Great News,

* Don't forget to rate my posts though
