VPN on ISR 1802

ANTONIO DEUS
Level 1

Hello,

Is it possible to configure the ISR 1802 router with VPN, so that this device can authenticate and authorize users without needing an element such as, for example, a Cisco VPN 3000?

Is it possible to use AD (Windows Authentication) or RADIUS to authenticate VPN users instead of the Cisco VPN 3000? And in that case, how should the router be configured?

Thank you,

António

66 REPLIES

You can change your inspection policy on the router, so remove these three lines.

no ip inspect name FW tcp

no ip inspect name FW udp

no ip inspect name FW icmp

and go more specific to protocol itself as shown below.

ip inspect name FW match protocol ftp

ip inspect name FW match protocol http

ip inspect name FW match protocol https

ip inspect name FW match protocol icmp

ip inspect name FW match protocol dns

ip inspect name FW match protocol ymsgr

ip inspect name FW match protocol realmedia

ip inspect name FW match protocol netshow

ip inspect name FW match protocol appleqtc

ip inspect name FW match protocol streamworks

ip inspect name FW match protocol tftp

ip inspect name FW match protocol vdolive

ip inspect name FW match protocol sqlnet

ip inspect name FW match protocol netbios

ip inspect name FW match protocol isakmp

ip inspect name FW match protocol pop3

ip inspect name FW match protocol smtp

ip inspect name FW match protocol snmp

ip inspect name FW match protocol snmptrap

ip inspect name FW match protocol ssh

ip inspect name FW match protocol h323

ip inspect name FW match protocol ftps

Copy the ACL "101" as "in", the one you saw on my demo router which I showed you, under "interface Dialer0" on your router.

Can you please also copy the ACL 101 on the forum, as I don't remember how I configured it.

thanks

Hi,

Your ACL 101 is

interface Dialer1

ip access-group 101 in

exit

!

access-list 101 permit udp any host 206.53.53.215 eq isakmp

access-list 101 permit esp any host 206.53.53.215

But I have a problem: my IP is dynamic, so from time to time the IP address changes. How can I build ACL 101 to replace the IP 206.53.53.215 with the one that changes?

Thanks,

António

Usually a business class DSL service IP address does not change even though this IP address is assigned dynamically. The ISP registers or reserves the given public IP they assign on your DSL connection to your DSL account, so that accounting is easier for the ISP; therefore you will always receive the same IP address from the DSL PPPoE connection with a DSL service provider, even after rebooting the router. This is true in Canada with some of the ISPs I have dealt with.

So, you may check with your local ISP whether this is the case with your business class DSL service on your branch router.

If this is the case with your local ISP, then you should change the public IP address on ACL 101 to reflect your public IP address and apply it on the dialer interface as facing "in".

As with firewall inspection, try to avoid inspecting traffic in both directions and stick with only traffic going outside, as "ip inspect FW out", and for the inside traffic coming in, use ACL 101 instead.

I hope that helps.

Thanks

Rizwan Rafeek
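An added example, not part of the original thread or any poster's configuration: a Python check that compares the host address in the thread's ACL 101 entries with the dialer interface's current public IP and produces the replacement lines when the lease has changed. The function names and the address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the interface and ACL 101 lines as posted in the thread.
SAMPLE_CONFIG = """\
interface Dialer1
 ip access-group 101 in
!
access-list 101 permit udp any host 206.53.53.215 eq isakmp
access-list 101 permit esp any host 206.53.53.215
"""

# Matches "access-list <n> permit <proto> any host <ip> [rest]".
ACL_HOST = re.compile(
    r"^access-list\s+(?P<acl>\d+)\s+permit\s+(?P<proto>\S+)\s+any\s+host\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?P<rest>.*)$"
)

def audit_acl(config: str, acl: str, current_ip: str):
    """Return (stale_lines, replacement_lines) for one numbered ACL."""
    current = ipaddress.IPv4Address(current_ip)  # raises on malformed input
    stale, fixed = [], []
    for line in config.splitlines():
        m = ACL_HOST.match(line.strip())
        if not m or m["acl"] != acl:
            continue
        if ipaddress.IPv4Address(m["ip"]) != current:
            stale.append(line.strip())  # entry still points at an old lease
        fixed.append(f"access-list {acl} permit {m['proto']} any host {current}{m['rest']}")
    return stale, fixed

def vpn_entries_present(config: str, acl: str) -> bool:
    """True if the ACL permits both ISAKMP and ESP to a host, as in the thread."""
    seen = set()
    for line in config.splitlines():
        m = ACL_HOST.match(line.strip())
        if m and m["acl"] == acl:
            seen.add((m["proto"], m["rest"].strip()))
    return ("udp", "eq isakmp") in seen and ("esp", "") in seen

if __name__ == "__main__":
    # 203.0.113.10 is a constructed documentation address standing in for a new lease.
    stale, fixed = audit_acl(SAMPLE_CONFIG, "101", "203.0.113.10")
    print("stale:", *stale, sep="\n  ")
    print("replace with:", *fixed, sep="\n  ")
```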

Hi,

Well, in Portugal the scenario is quite different. If you disconnect your modem or your router for any reason, you get a new IP address. And you can have several IP addresses, as many times as you disconnect your machines (this afternoon I disconnected the modem 3 times and the router 4 times and I had 5 different IP addresses).

But all that matters: the tips that you gave me were very helpful!

The ISR 1802 router is connected through ADSL, with VPN in and authentication in RADIUS.

Once again thank you.

António Deus

Good afternoon, Antonio!

If your question has been resolved, please mark this discussion as answered.

Best regards,

Davi Garcia

Good morning Davi,

How do I mark the discussion as answered?

Thank you,

António Deus

Hello Antonio

Just choose the answers you considered correct and click the Correct Answer button.

Don't forget to rate the answers using the stars.

Cheers
Bruno Rangel
Please remember to rate helpful responses using the star below and identify helpful or correct answers