Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SR 520 Secure Router, easy setup

Hi,

I have a pretty new 520 series router. It has a pretty simple desired configuration. For now, I would be happy if it could give an internal DHCP range of 192.168.3.0, and connect to the WAN via DHCP. I had it working when it was giving out an internal range of 192.168.75.0 (factory standard) last night, but when I switched to 3 it no longer gets past the gateway. Can someone tell me if I have errors in my attached config? It would be VERY much appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: SR 520 Secure Router, easy setup

Yes, other than the ACL for NAT Traffic, I dont see anything that will block the 3.x from going to the internet.

Regards,

Arul

*Pls rate if it helps*

10 REPLIES
Cisco Employee

Re: SR 520 Secure Router, easy setup

Hi,

Your NAT ACL needs to be updated with the correct subnet.

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.75.0 0.0.0.255

Change the above configuration to:

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.3.0 0.0.0.255

Regards,

Arul

*Pls rate if it helps*

New Member

Re: SR 520 Secure Router, easy setup

Excellent. Wow so dumb of me. I'll let you know if that works. That's all you see?

Cisco Employee

Re: SR 520 Secure Router, easy setup

Yes, other than the ACL for NAT Traffic, I dont see anything that will block the 3.x from going to the internet.

Regards,

Arul

*Pls rate if it helps*

New Member

Re: SR 520 Secure Router, easy setup

Worked great. Now I just need to set up a static VPN. I wonder if this device is capable of acting as a static VPN endpoint.

Cisco Employee

Re: SR 520 Secure Router, easy setup

Thanks for the update! Glad to be of help. Yes, you should be able to configure VPN Tunnel on the UC520. What type of static VPN Tunnel are you planning to configure. Is this going to be a Lan to Lan (L2L) tunnel between the UC520 to another VPN Device or is this going to be in EzVPN Connection. Also, you need to make sure that you are running a Crypto image to support IPSEC. Below are few examples that might help in configuring the tunnel.

Router to Pix.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a008032b637.shtml

Regards,

Arul

*Pls rate if it helps*

New Member

Re: SR 520 Secure Router, easy setup

I'm actually giving the SR520 you just helped me with a static IP to replace a Linksys in one of my sub offices.

The linksys already has a VPN connection to an ASA 5505 in the central location. The IP of the central location with the ASA 5505 is xx.60.101.154. The IP of the sub office where this new SR 520 is going as an endpoint is xx.8.140.226. So since the sub office already had a Linksys, the tunnel is already set up on the central ASA 5505. I set up the VPN on the new SR 520 for the remote site using the Cisco Configuration Assistant, but it had very few options. I got the attached "remote site config" as a result. It doesn't connect to the central site (the attached "central location config") as it is. The central site gives the attached errors. I am looking this over right now and see that it's going to be some programming to get them to connect to eachother. I'll try to figure it out but if you have any suggestions that would be great.

Cisco Employee

Re: SR 520 Secure Router, easy setup

Chris,

Based on your description and configuration, I think the problem lies with the Headend ASA configured for a Lan to Lan tunnel with peer address xxx.8.140.226 and then you are using the same address on the UC520 which is configured as a EzVPN Client. Do you know if you want to configure the UC520 as a EzVPN Client or L2L connection. Depending upon this, we may have to change the configuration either on the Headend ASA or UC520.

Regards,

Arul

*Pls rate if it helps*

New Member

Re: SR 520 Secure Router, easy setup

The UC520 would be better as a L2L connection. It's just that when you run through the VPN setup on Cisco Configuration Assistant, it sets it up the way it is in the posted config. I'll have to use command line to set it up as a L2L, but that's what I have to do I guess. If you know how to do that or have any ideas that would be great.

Cisco Employee

Re: SR 520 Secure Router, easy setup

Chris,

Below is the link on how to configure a L2L Connection between a Router and Pix/ASA.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

The above configuration example matches exactly what you are trying to do. Also, take note of the section where you have to bypass NAT for the IPSEC Traffic. Reconfigure the UC520 and try to bring up the tunnel and let me know if it works.

Regards,

Arul

*Pls rate if it helps*

New Member

Re: SR 520 Secure Router, easy setup

Okay I will try this out and let you know how it goes.

461
Views
15
Helpful
10
Replies