Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN3000 to Router IOS using IP negotiated at intf Router

When trying to connect a router which gets its IP address from the provider I dial in to, I want to connect to a VPN3000.

However when configuring LAN-to-LAN the VPN3000 expects me to have a fixed IP address at the router.

It uses this IP address as group name as it seems. With my IP address changing every time I dial in this is not a working solution as the VPN3000 doesn't find the group.

Now the other option could be to configure Remote-access client at the VPN3000 allowing the Router to connect. The router in that case should act as a VPN client but WITH using a Group parameter.

Does anyone know how to overcome the fact that the IOS router is NOT capable of using the Group value?

  • Other Security Subjects
3 REPLIES
Silver

Re: VPN3000 to Router IOS using IP negotiated at intf Router

Its sounds like you need a mode config sample. Try this http://www.cisco.com/warp/public/707/25.shtml

New Member

Re: VPN3000 to Router IOS using IP negotiated at intf Router

I haven't tried it myself but would this link help. It sounds like the same scenerio.

http://www.cisco.com/warp/public/471/vpn3k_iosdhcp.html

New Member

Re: VPN3000 to Router IOS using IP negotiated at intf Router

Thanks for this link!

I think that it is prety new because it was not there the time I tried to find a solution. However at that time a TAC engineer was already telling me this one.

I upgraded to 3.1.1 in where you can configure a base-group with a preshared key. This one will be used now for the routers trying to dial-in retrieving the address from a provider.

This is also to overcome the 'not knowing what a group is' of the IOS.

Tested it and it works!

One drawback there... All the routers will have to have to use the same preshared key now...

Finally I received some information that the IOS in it's roadmap (not official!) has a full Unity client compatibility. In that case you can distinguise the different routers through different configured groups and a preshared key per group.

That would be (to me) the nicest solution for this.

Again, thank you all.

96
Views
0
Helpful
3
Replies
This widget could not be displayed.