Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

837 to Pix Vpn + LAN Internet Access Trouble !!

Hi,

I was hoping you would advise me with a small setback I am facing with Our New Cisco 837K9 Router.

We have a DSL line at our office. We Procured the Cisco 837K9 Router for two purposes .

1.To establish a VPN using Easy VPN to our HO which is Running a Pix 515 Firewall

.2. To Enable Internet Access at the Same time to the Users on the LAN

My first Question is Can we Access the Internet and Connect to the Remote HO using Easy VPN at the same time through one ADSL line running on the 837K9. If Yes .. then is the Big one HOW !

Please find attached alongside in Text Format the Configuration I am running on the Router. I am able to Get Either the Internet OR the VPN Connectivity at ONE time.

ie. If I configure the Router to connect to the Intenet. It gets connected and Users can browse the net.

Then I configure it for Easy VPN , and strangly the Easy VPN connects to the Remote HO but the Internet from the LAN gets Knocked off.!!

Please advise.

Thanking you.

Tauseef Ahmed.

Network Support Engineer.

CAD Gulf LLC. Dubai.

+971504279415

My Router CONFIGURATION ***********************

vpn#sh ver

Cisco Internetwork Operating System Software

IOS (tm) C837 Software (C837-K9O3Y6-M), Version 12.2(13)ZH2, EARLY DEPLOYMENT RE

LEASE SOFTWARE (fc1)

Synched to technology version 12.2(14.5)T

TAC Support: http://www.cisco.com/tac

Copyright (c) 1986-2003 by cisco Systems, Inc.

Compiled Tue 22-Jul-03 09:37 by ealyon

Image text-base: 0x800131E8, data-base: 0x80AA14DC

ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)

ROM: C837 Software (C837-K9O3Y6-M), Version 12.2(13)ZH2, EARLY DEPLOYMENT RELEAS

E SOFTWARE (fc1)

vpn uptime is 40 minutes

System returned to ROM by reload

System image file is "flash:c837-k9o3y6-mz.122-13.ZH2.bin"

CISCO C837 (MPC857DSL) processor (revision 0x400) with 44237K/4915K bytes of mem

ory.

Processor board ID AMB075001ML (2758109279), with hardware revision 0000

CPU rev number 7

Bridging software.

1 Ethernet/IEEE 802.3 interface(s)

1 ATM network interface(s)

128K bytes of non-volatile configuration memory.

12288K bytes of processor board System flash (Read/Write)

2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

vpn#sh conf

Using 1543 out of 131072 bytes

!

version 12.2

service config

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname vpn

!

logging queue-limit 100

enable password *****

!

ip subnet-zero

ip name-server 10.0.0.2

ip dhcp excluded-address 192.168.0.10

!

ip dhcp pool CLIENT

import all

!

!

ip audit notify log

ip audit po max-events 100

no ftp-server write-enable

!

!

!

!

!

!

!

!

crypto ipsec client ezvpn crws-client

connect auto

group test key 0 test

mode client

peer X.X.X.1

!

!

!

!

!

interface Ethernet0

ip address 192.168.0.10 255.255.255.0

no ip mroute-cache

crypto ipsec client ezvpn crws-client inside

hold-queue 100 out

!

interface ATM0

no ip address

no ip mroute-cache

atm vc-per-vp 64

no atm ilmi-keepalive

pvc 0/50

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

hold-queue 224 in

!

interface Dialer1

ip address negotiated

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname connect

ppp chap password ****

ppp pap sent-username connect password *****

ppp ipcp dns request

ppp ipcp wins request

crypto ipsec client ezvpn crws-client

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

no ip http secure-server

!

dialer-list 1 protocol ip permit

!

line con 0

password *****

login

no modem enable

stopbits 1

line aux 0

stopbits 1

line vty 0 4

exec-timeout 120 0

password *****

login

length 0

!

scheduler max-task-time 5000

!

end

vpn#

1 REPLY
New Member

Re: 837 to Pix Vpn + LAN Internet Access Trouble !!

Would recommend you rather configure the 837 for lan to lan configuration with the pix, I have had no good success cause the easy vpn option is very restricting. If you check under the cisco products and then check with the pix and 837 you will find some lan to lan examples. I have them running and the advantage is you can configure the 837 to split tunnel so internet traffic goes directly to the net.

168
Views
0
Helpful
1
Replies
CreatePlease to create content