Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SRP527W VPN Setup

Hello,

I am currently trying to setup a system which will backup our NAS drive located in our office and mirror the data to a computer at home over the internet. The office has the SRP527W router running the lastest firmware and our home has a standard Sky router (Sagem). As far as I am aware both places have a dynamic external IP but all our devices locally have a static IP.

I am new to setting up VPN's and would like a guideline on how I should go about creating the connection. I have read through the VPN section of the SRP500 administration guide and have got a brief understanding of how this should be done but still am not 100% sure where to start.

From what I have understood I will have to use the Cisco VPN server option on my router. With that in place, I'm guessing I would need the client to use either the Windows 7 VPN wizard or something else like the Cisco VPN tool to connect. Our office does not have a static external IP address and I presume we would need to use the DDNS option on the router and create a DynDNS account. I know this will allow us to connect to our router from anywhere using a dyn address but doesn't this have some security issues?

Other than the basic outline of how the VPN should be setup, what crucial information is needed for the server to run correctly and for the client to connect correctly? E.g. IP addresses, subnets, port-forwarding...

Any help would be greatly appreciated 

Everyone's tags (4)
9 REPLIES
Cisco Employee

SRP527W VPN Setup

Hi Jarrett,

You will need to use the Cisco VPN client to access the SRP VPN server feature - the native Windows client will not work for this.  You can download the client from the Cisco web site if you have a support contract....if not, a search on Google should provide somewhere else to find it .

There is no reason why using a DDNS service like DynDNS should be insecure.  This just provides a hostname to IP resolution service, so all traffic will pass directly between your client and server.  Just make sure that you use sensible secure passwords of course.

When configuring the VPN server, remember to use a subnet that does not overlap with any of your other VLAN addresses.  That should be all you need, once connected, the NAS will see the remote PC as a "local" client.

Hope that helps,

Andy

Cisco Employee

SRP527W VPN Setup

One other point....

Bear in mind that the VPN client can't do split tunnelling with the SRP, so once connected, all remote traffic will be routed via the VPN tunnel (you can configure the client to allow direct access to the local subnet).

Regards,

Andy

New Member

SRP527W VPN Setup

Thank you for the reply!

When you say that the subnet should not overlap with any other subnets on the network, does that mean it cannot be 255.255.255.0 as basically every device on our network has that subnet? Also I thought there was some security issues regarding DDNS because the Dyn domain address is pointing to our office IP address which obviously leads to our router login screen.

Regards,

Jarrett

Cisco Employee

SRP527W VPN Setup

Hi Jarrett,

The size of the subnet you assign really doesn't matter too much.  You could configure a /24 for the VPN clients (which might be convenient to remember), but you really don't need more that a /28, as the router only supports a maximum of 10 concurrent sessions.

So for example, you might have 192.168.15.0/24 for VLAN1 and 192.168.100.0/24 for VLAN100, so you could use 192.168.16.0/28 for the VPN server pool.

For DDNS, your SRP is just telling the service which IP address it has on its WAN interface.  Your PC can then use your domain name to find the VPN server - this is just a DNS name to address translation.  There is nothing here that will identify your PC on the other site.

Now, even if someone happens to know the domain name and can therefore find the SRP - all they will find is a firewall that will reject everything but VPN sessions, which will require your configured authentication details to initialise.  Also, your PC presumably sits behind a NAT router, so there would be no accessible route to it from the outside either.

Make sense?

Andy

New Member

SRP527W VPN Setup

Thanks for the clarification. I believe I have entered the correct information into the VPN server group, I have also created a user. When the VPN server is enabled is it supposed to appear in the VPN server status page because it does not appear on mine?

Regards

Jarrett

Cisco Employee

SRP527W VPN Setup

The VPN Server Status page will show which users are currently connected.  Are you saying you have a session established from your remote PC and that this is not shown on the status page?

Andy

New Member

SRP527W VPN Setup

It's alright, it has connected correctly, but now how do I connect to my NAS drive in our office. I have checked "Allow local LAN access" but I still cannot figure out how to connect.

Regards,

Jarrett

New Member

SRP527W VPN Setup

I've figured it out, I have now successfully mapped our office NAS drive on our client computer

Thank you for the help!

Regards

Jarrett

New Member

SRP527W VPN Setup

Hello Jarret,

Can you post the details (with fake IP WAN address) how you did it?

Thanks !!!

Greetings,

Ronald

3059
Views
5
Helpful
9
Replies
CreatePlease login to create content