Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

easy VPN Questions

Hello Guys,

my customer have a Normal Site-to Site VPN between PIX at the Central and several 2600 on Branch Office. I am trying to implement the easy VPN and need your help.

a) is the 2600 Router supported easy VPN Client ? wich Mode ?

b) beacause any branch office is now connected to the PIX via Public IP Address and Interessing traffic ACLs.what is about the Public IP Address on the Branch office when konfiguring easy VPN ?

her my aktuel konfig:

Branch:

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key xxxxxxxx address 213.xxx.xxx.xxx

crypto isakmp keepalive 10

crypto ipsec security-association lifetime seconds 28800

crypto ipsec transform-set Mymapset esp-3des esp-md5-hmac

!

crypto map Mymap local-address Ethernet1/0

crypto map Mymap 1 ipsec-isakmp

set peer 213.xxx.xxx.xx

set transform-set Mymapset

match address 100

interface FastEthernet0/0

description Connection to LAN

ip address 10.60.x.xxx 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

speed 100

full-duplex

interface Ethernet1/0

description Connection to ISP

ip address 62.1xx.xxx.xx 255.255.255.xxx

ip access-group 101 in

no ip redirects

no ip route-cache

no ip mroute-cache

full-duplex

crypto map MYmap

ip classless

ip route 0.0.0.0 0.0.0.0 62.1xx.xxx.xx

access-list 100 permit ip 10.60.x.0 0.0.0.255 172.x.0.0 0.0.255.255

access-list 101 remark IPSec Rule

access-list 101 permit ip 172.x.0.0 0.0.255.255 10.60.x.0 0.0.0.255

Pix:

access-list ERF permit ip 10.61.0.0 255.255.0.0 10.60.x.0 255.255.255.0

crypto map mymap 4 ipsec-isakmp

crypto map mymap 4 match address ERF

crypto map mymap 4 set peer 62.1xx.xxx.xx

crypto map mymap 4 set transform-set mymap_set

isakmp key xxxxxxxxxxx address 62.1xx.xxx.xx netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp keepalive 10

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

thanks for any suggession

AFE

1 REPLY
Silver

Re: easy VPN Questions

I don't think that Easy VPN remote is supported on the Cisco 2600. The list of devices that support this feature is listed at http://www.cisco.com/en/US/products/sw/secursw/ps5299/index.html

102
Views
0
Helpful
1
Replies