Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Configuring IPSEC Remote Access VPN on 2800 Router

I have a 2851 router that is currently being used to terminate all site to site VPNs. I want to start using it for our remote access VPNs which are currently on our 3005 Concentrator. I do not want to do split tunneling so I assume no ACLs for the remote access VPN users. Also we have an ACS/Radius server that I want to use to authenticate users instead of local authentication. I would like to use pre-shared key also. Is there a good document which shows this or has anyone configured this? I have attached the existing configuration for the 2851 router which shows the site to site VPN configuration. There is also some SSL VPN stuff on there but we are not using that at this time. Thanks.

5 REPLIES

Re: Configuring IPSEC Remote Access VPN on 2800 Router

New Member

Re: Configuring IPSEC Remote Access VPN on 2800 Router

Thank you for the document. That looks very helpful. One issue I am having is the ACS configuration for the router. Currently, it is set up as RADIUS/IETF for telnetting to the device. The instructions say to use Cisco IOS/Pix and after changing it, I cannot telnet to the device. Not sure if there is a way around that.

Re: Configuring IPSEC Remote Access VPN on 2800 Router

you should be in 172.16.0.0/16 network to telnet the router.

if your RADIUS/IETF server is not available the can you enable password.

New Member

Re: Configuring IPSEC Remote Access VPN on 2800 Router

I thought so too but it comes back with "Rejected" instead of timing out to the enable password.

New Member

Re: Configuring IPSEC Remote Access VPN on 2800 Router

The document is helpful. I started to configure it but am running into some issues. The ACS portion of the configuration is not the same as our ACS. There is no Cisco Secure Database option for password authentication. I have attached the updated configuration. The VPN Client did not connect. I tried to do all of the debugs but it did not even display any errors. I am sure there are numerous things wrong with the configuration. I used the existing SOHO dynamic crypto map and added map 30 for the remote access VPN. Thanks again for all of your help.

876
Views
0
Helpful
5
Replies
CreatePlease to create content