
837 SDM/IOS for VPN Server

johnnymac
Level 1

I have an 837 ADSL router. I'd like to get the VPN server going as advertised on the SDM. Currently it is telling me the IOS does not support VPN Server. Memory being an issue, can anyone tell me which IOS I could use that will support this and take up the least amount of memory?

Also, if anyone has good links for setting up easyVPN Server, they would be much appreciated.

Regards

J Mac


johnnymac
Level 1

Could anyone kindly give me some info on this?

Hi johnnymac,

If it is easy VPN server you want to use... then check your IOS version. (show version)

Post your show version here and we will see if your IOS supports easy VPN.

Thanks

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Cisco IOS Software, C837 Software (C837-K9O3Y6-M), Version 12.3(4)T6, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2004 by Cisco Systems, Inc.

Compiled Wed 05-May-04 21:41 by eaarmas

ROM: System Bootstrap, Version 12.2(8r)YN, RELEASE SOFTWARE (fc1)

Router uptime is 2 hours, 47 minutes

System returned to ROM by power-on

System image file is "flash:c837-k9o3y6-mz.123-4.T6.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco C837 (MPC857DSL) processor (revision 0x500) with 44237K/4915K bytes of memory.

Processor board ID AMB0828054T (588535814), with hardware revision 0000

CPU rev number 7

1 Ethernet interface

1 ATM interface

128K bytes of NVRAM.

12288K bytes of processor board System flash (Read/Write)

2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

Many Thanks

Firstly, two good links for configuring easyVPN

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_user_guide_chapter09186a00806560e9.html

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_user_guide_chapter09186a00806560e9.html

Now, it appears that your IOS supports easyVPN; you can check this here: http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Can you post the exact error that SDM gives you? Also, can you post the version of SDM that you are using?

Thanks

Stephen


Sorry, here is the second link

http://www.cisco.com/en/US/products/ps6635/products_data_sheet09186a00801541d5.html


Thanks for all your help.

I'm running SDM version 2.0

This is the error I get:

Easy VPN Server and related features unavailable

The IOS image in your router does not support the requested feature. To configure this feature, you need to go to the Software Center on Cisco.Com and upgrade you IOS Image to one that supports this feature set.

Here is the flash content. I wonder if anything is amiss here?

System flash directory:

File Length Name/status

1 6305272 c837-k9o3y6-mz.123-4.T6.bin

2 16264 sdm.shtml

3 16264 sdm.shtml.hide

4 1462 home.html.hide

5 1463 home.html

6 1613 sdmconfig-83x.cfg

7 93095 attack-drop.sdf

8 270848 home.tar

9 1187840 ips.tar

10 3883008 sdm.tar

11 5272 conf

[11783112 bytes used, 537656 available, 12320768 total]

12288K bytes of processor board System flash (Read/Write)

Any Ideas?

Hi,

I think you may want to use SDM v2.3. This is the latest SDM.

http://www.cisco.com/en/US/products/sw/secursw/ps5318/index.html

but you need a CCO account with correct privileges to download it.

Also try upgrading the image on your router to a 'plus image'. This is always denoted with an 's' in the image name, i.e.

c837-k9o3sy6-mz.123-8.T8.bin

Note how it differs slightly from your image name. Again, you need to have a CCO account with correct privileges to download.

You can also buy the Plus image from your distributor.

I hope this helps

Regards

Stephen


hi,

Thanks again for your help. I've got the latest SDM and a plus IOS; unfortunately I can't tftp it all as I don't have enough memory. I tried to get 12.2.8(T) from Cisco but they don't seem to offer it any more. I guess we're going to have to buy a new router.

I need an ADSL router for a small office of around 10-15 people, that will terminate VPNs for 4-5 staff. I read some info on the 871; would that be a good choice?

Cheers

J Mac

Hey,

Here is the trick with the 837's and uploading a new image.

First delete all files in flash

#del flash:(filename)

Do this with all files,

then

# squeeze flash

When this is done DO NOT reset the router. Use tftp to upload image to new router.

#copy tftp flash

etc...

When the new image is uploaded you may then restart the router for the new image to take effect.

If the 12.2.8(T), just download the latest, but use one where the file size is about 6-8 Megs. Take up too much flash and you risk the router bottoming out.

Also, with the latest SDM, I am not in the habit of installing SDM on the router. It takes up flash space and it may be a security risk.

With the new SDM installer you can install SDM on your laptop. This will then allow you to connect to a router that supports SDM without having it installed on the router.

Now!!! An 871 is not an ADSL router... it is an Ethernet router. You may connect its Ethernet WAN port to an ADSL modem/bridge.

I hope this helps. Let me know if I can be of any more assistance.

Regards

Stephen


Stephen thanks a lot, this works great. VPN Server is accessible on the SDM. Have an up to date config etc.

If I could be cheeky and ask one more thing. I tftp'd in the previous config,

!username admin password 7 xxxxxxxxxxxxxxxx

no aaa new-model

ip subnet-zero

no ip domain lookup

ip name-server 195.92.195.95

ip name-server 195.92.195.94

ip dhcp excluded-address 192.168.2.254

ip dhcp excluded-address 192.168.2.2

!

ip dhcp pool CLIENT

network 192.168.2.0 255.255.255.0

default-router 192.168.2.254

dns-server 195.92.195.95 195.92.195.94

lease 0 2

!

!

ip inspect name myfw cuseeme timeout 3600

ip inspect name myfw ftp timeout 3600

ip inspect name myfw rcmd timeout 3600

ip inspect name myfw realaudio timeout 3600

ip inspect name myfw smtp timeout 3600

ip inspect name myfw tftp timeout 30

ip inspect name myfw udp timeout 15

ip inspect name myfw tcp timeout 3600

ip inspect name myfw h323 timeout 3600

ip audit notify log

ip audit po max-events 100

no ftp-server write-enable

!

!

!

!

!

!

!

interface Ethernet0

ip address 192.168.2.254 255.255.255.0

ip access-group 102 in

ip nat inside

ip tcp adjust-mss 1452

no ip mroute-cache

hold-queue 100 out

!

interface ATM0

no ip address

no ip mroute-cache

atm vc-per-vp 64

no atm ilmi-keepalive

pvc 0/38

pppoe-client dial-pool-number 1

!

dsl operating-mode auto

!

interface Dialer1

ip address 81.xxx.xxx.xxx 255.255.255.248

ip access-group 112 in

ip mtu 1452

ip nat outside

ip inspect myfw out

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer remote-name redback

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxxxxxx.btclick.com

ppp chap password 7 xxxxxxxxxxxxxxxxx

ppp pap sent-username xxxxxxxxx.btclick.com password 7 xxxxxxxxxxxx

ppp ipcp dns request

ppp ipcp wins request

hold-queue 224 in

!

ip nat inside source list 102 interface Dialer1 overload

ip nat inside source static tcp 192.168.2.3 3389 interface Dialer1 3389

ip nat inside source static tcp 192.168.2.3 5632 interface Dialer1 5632

ip nat inside source static tcp 192.168.2.3 5631 interface Dialer1 5631

ip nat inside source static tcp 192.168.2.2 25 interface Dialer1 25

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 10.9.0.0 255.255.255.0 192.168.2.253

no ip http server

no ip http secure-server

!

access-list 23 permit 192.168.2.0 0.0.0.255

access-list 23 permit 212.135.216.64 0.0.0.15

access-list 102 permit ip 192.168.2.0 0.0.0.255 any

access-list 103 deny ip 192.168.2.0 0.0.0.255 any

access-list 112 permit icmp any any administratively-prohibited

access-list 112 permit icmp any any echo

access-list 112 permit icmp any any echo-reply

access-list 112 permit icmp any any packet-too-big

access-list 112 permit icmp any any time-exceeded

access-list 112 permit icmp any any traceroute

access-list 112 permit icmp any any unreachable

access-list 112 permit tcp any host 81.138.200.254 eq smtp

access-list 112 permit tcp any host 81.138.200.254 eq 5631

access-list 112 permit udp any host 81.138.200.254 eq 5632

access-list 112 permit tcp any host 81.138.200.254 eq 3389

access-list 112 permit ip 212.135.216.64 0.0.0.15 any

access-list 112 deny ip any any

dialer-list 1 protocol ip permit

!

line con 0

exec-timeout 120 0

no modem enable

stopbits 1

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 120 0

password 7 xxxxxxxxxxxx

login local

length 0

!

scheduler max-task-time 5000

!

end

But when I do that I can no longer access the SDM; I can ping and telnet to the router.

The E-message is either

router not reachable

or

Http/https needs to be enabled.

Could you give me any pointers on this?

Thanks Again

J Mac

Any thoughts?

Hey JMac,

No problems to help.... Looks like you have two things slightly amiss in your config.

First, under your default route, you have the 'no ip http server' command. You need to enable it by going to global config mode and typing 'ip http server'

Leave 'no ip http secure-server' alone. Also you should set an access rule on the HTTP access to the box.

ip http access-class 2 (I think)

!

access-list 2 permit 192.168.0.0 0.0.0.255

The other thing is that I personally always set the user account to have privilege level 15

username admin privilege 15 password XXXXXXX

I can't remember if this directly affects SDM access, but IMO it is good practice.

Hope this helps.

Stephen

PS are you Irish?

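Added example, not part of the original thread: the ACL suggested above covers 192.168.0.0 0.0.0.255, while the LAN in the configuration posted earlier is 192.168.2.0/24, so this Python check evaluates a standard ACL's wildcard mask the way the router does and reports whether a management host would pass `ip http access-class`. The function names, the constructed config excerpt and the 192.168.2.10 management host used in testing are assumptions.

```python
import ipaddress
import re

# Constructed excerpt: HTTP lines and ACL 2 as suggested in the reply above,
# with the LAN interface from the configuration posted earlier in the thread.
CONFIG = """\
interface Ethernet0
 ip address 192.168.2.254 255.255.255.0
ip http server
no ip http secure-server
ip http access-class 2
access-list 2 permit 192.168.0.0 0.0.0.255
"""

# Matches only the standard-ACL shape: action, then one or two tokens.
ACL_LINE = re.compile(
    r"^access-list (\d+) (permit|deny) (\S+)(?: (\S+))?\s*$", re.I | re.M)

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acls(config):
    """Return {number: [(action, base, wildcard), ...]} for standard ACLs."""
    acls = {}
    for num, action, addr, wild in ACL_LINE.findall(config):
        if addr.lower() == "any":
            base, mask = 0, 0xFFFFFFFF
        elif addr.lower() == "host":
            base, mask = to_int(wild), 0
        else:
            base, mask = to_int(addr), to_int(wild) if wild else 0
        acls.setdefault(int(num), []).append((action.lower(), base, mask))
    return acls

def acl_permits(entries, host):
    """First match wins; a host matching no entry hits the implicit deny."""
    h = to_int(host)
    for action, base, mask in entries:
        if (h | mask) == (base | mask):  # wildcard bits set to 1 are ignored
            return action == "permit"
    return False

def audit_http_access(config, mgmt_host):
    """Report whether mgmt_host passes the router's HTTP access controls."""
    enabled = re.search(r"^ip http server\s*$", config, re.M) is not None
    m = re.search(r"^ip http access-class (\d+)", config, re.I | re.M)
    acl_no = int(m.group(1)) if m else None
    entries = parse_standard_acls(config).get(acl_no, [])
    permitted = enabled and (acl_no is None or acl_permits(entries, mgmt_host))
    return {"http_server": enabled, "access_class": acl_no, "host_permitted": permitted}
```

An access-class that names an ACL absent from the supplied config is reported as not permitted; that is a conservative choice of this example so the gap gets reviewed, not a statement of router behaviour.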

Hi,

No, English.

I tried the above commands, which went in fine, but I'm still getting the same message. Any other ideas?

Regards

J mac
