Remote Access IPSec VPN on Cisco 3845 Router

rpsrekhi3 · ‎03-12-2007

I have a 3845 Integrated router.It is located at my corporate office and connects to the Internet ( e0).The branch office has a DS3 connectivity to it for internet acccess ( s0).I want to enable IPSec remote access on this router so that users can use the cisco VPN client to connect to it and access the corporate and branch office resources.

This Router is outside the Firewall and doesnot do any NAT/PAT.My question is that if i would apply a crypto map on its interface facing the internet ( e0) what precautions should i take so that it doesnt disrupt any general internet traffic.

Also do i need to use the commands ip nat outside and ip nat inside if i dont want the router to translate anything,but only provide remote access IPSec VPN Service?

Regards

Ravin

fred.s.mollenkopf · ‎03-14-2007

Ravin,

The router will be configured with dynamic-maps for the outside so this is fairly well documented and would be hard to disrupt the internal/external traffic. Unlike peer-to-peer tunnel, which would use crypto ACLs to determine the traffic to be encrypted and could be disruptive if configured incorrectly. Check out the IPSEC/IKE Configuration Examples and TechNotes for examples on how to configure these.

Go to section below for about 4 to 5 sample docs.

IPSec on Router to Cisco Secure VPN Client

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

NAT is not required to provide VPN services. The Cisco VPN client will require an IP, which can be static, IP Pool, DHCP, etc. A no NAT example is in the link I provided above.

Please rate any helpful posts

Thanks

Fred