Velocity Reviews


Charles de Lorena 01-24-2005 01:05 PM

Newbie: Cisco 2801 as PPTP Client
 
Can the Cisco 2801 be used as a PPTP client, or do I need a Cisco PIX?
I want my users on the LAN to be connected to a VPN without creating a
'network dial-up connection' on each PC.

Thanks.
Charles.


Daniel Prinsloo - www.CherryFive.com 01-24-2005 01:46 PM

Re: Newbie: Cisco 2801 as PPTP Client
 
Charles,
good day. Yes, you can use the router for Site-to-Site VPN, you might
just want to check the version of software you have running to ensure
that it supports a VPN. If it does not and you cannot afford the
upgrade (recommended), you can use several other "vpn" methods to
ensure site-to-site security, such as GRE tunnels, but they are not as
secure. Check the product documentation here:
http://www.cisco.com/en/US/products/...d8016fa68.html
Regards,
Daniel
www.CherryFive.com

Charles de Lorena wrote:
> Can the Cisco 2801 be used as a PPTP client, or do I need a Cisco PIX?
> I want my users on the LAN to be connected to a VPN without creating a
> 'network dial-up connection' on each PC.
>
> Thanks.
> Charles.



Charles de Lorena 01-24-2005 02:01 PM

Re: Newbie: Cisco 2801 as PPTP Client
 
Thanks Daniel.

IOS version: 12.3(8)T4
scenario:

             My Office                             Anywhere
|----------------------------------|                   |
LAN -- c2801 (pptp client) -- inet router -- pptp server cisco 7200

Are you sure I can configure my 2801 to connect to my 7200 via pptp? I
don't find commands that support it?

Thanks.

> Yes, you can use the router for Site-to-Site VPN, you might
> just want to check the version of software you have running to ensure
> that it supports a VPN.
>
> Charles de Lorena wrote:
>
>>Can the Cisco 2801 be used as a PPTP client, or do I need a Cisco PIX?
>>I want my users on the LAN to be connected to a VPN without creating a
>>'network dial-up connection' on each PC.


Daniel Prinsloo - www.CherryFive.com 01-24-2005 02:46 PM

Re: Newbie: Cisco 2801 as PPTP Client
 
Charles,
I think I now understand the question. Does the cisco 7200 only support
pptp? A site-to-site VPN using DES/3DES/AES would be better, but I know
that some providers charge for this or it is difficult if the 7200 is
not yours. Is the 7200 yours and do you configure it?
Regards,
Daniel
www.CherryFive.com

Charles de Lorena wrote:
> Thanks Daniel.
>
> IOS version: 12.3(8)T4
> scenario:
>
>              My Office                             Anywhere
> |----------------------------------|                   |
> LAN -- c2801 (pptp client) -- inet router -- pptp server cisco 7200
>
> Are you sure I can configure my 2801 to connect to my 7200 via pptp? I
> don't find commands that support it?
>
> Thanks.
>
> > Yes, you can use the router for Site-to-Site VPN, you might
> > just want to check the version of software you have running to ensure
> > that it supports a VPN.
> >
> > Charles de Lorena wrote:
> >
> >>Can the Cisco 2801 be used as a PPTP client, or do I need a Cisco PIX?
> >>I want my users on the LAN to be connected to a VPN without creating a
> >>'network dial-up connection' on each PC.



Charles de Lorena 01-24-2005 03:05 PM

Re: Newbie: Cisco 2801 as PPTP Client
 
Daniel, the 7200 is mine, so I can configure it anytime.
The PPTP configuration is as follows:
..
..
..
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 11

interface Virtual-Template11
 ip unnumbered Loopback0
 no peer default ip address
 ppp authentication chap mygroup
 ppp authorization mygroup
!
..
..
..

I also have a 3600 with the same configuration.
Any ideas or CLI commands?

Thanks

Daniel Prinsloo - www.CherryFive.com wrote:

> Charles,
> I think I now understand the question. Does the cisco 7200 only support
> pptp? A site-to-site VPN using DES/3DES/AES would be better, but I know
> that some providers charge for this or it is difficult if the 7200 is
> not yours. Is the 7200 yours and do you configure it?
> Regards,
> Daniel
> www.CherryFive.com
>
> Charles de Lorena wrote:
>
>>Thanks Daniel.
>>
>>IOS version: 12.3(8)T4
>>scenario:
>>
>>             My Office                             Anywhere
>>|----------------------------------|                   |
>>LAN -- c2801 (pptp client) -- inet router -- pptp server cisco 7200
>>
>>Are you sure I can configure my 2801 to connect to my 7200 via pptp? I
>>don't find commands that support it?
>>
>>Thanks.
>>
>>
>>>Yes, you can use the router for Site-to-Site VPN, you might
>>>just want to check the version of software you have running to ensure
>>>that it supports a VPN.
>>>
>>>Charles de Lorena wrote:
>>>
>>>
>>>>Can the Cisco 2801 be used as a PPTP client, or do I need a Cisco PIX?
>>>>I want my users on the LAN to be connected to a VPN without creating a
>>>>'network dial-up connection' on each PC.


Daniel Prinsloo - www.CherryFive.com 01-26-2005 09:59 AM

Re: Newbie: Cisco 2801 as PPTP Client
 
Charles,
good morning. This is good. We have several options to create a secure
network between the two sites. I am listing two examples here, the
first is a site-to-site GRE tunnel and is not the most secure, but will
work on most versions of software. The second is using a vpn tunnel,
but may not be supported on all versions of software.

So, here is the first, you may need to change your IP addresses to fit
in with your site:

On Router 1:

interface tunnel 0
 ! use an unused private address
 ip address 192.168.24.1 255.255.255.252
 ! if you have a loopback - you can also use the serial address
 tunnel source Loopback0
 ! the IP address of the other router's loopback or serial address
 tunnel destination 4.4.4.4
 no shut

router ospf 1
 ! or similar for the routing protocol you use
 network 192.168.24.0 0.0.0.3 area 0

On Router 2:

interface tunnel 0
 ! use an unused private address
 ip address 192.168.24.2 255.255.255.252
 ! if you have a loopback - you can also use the serial address
 tunnel source Loopback0
 ! the IP address of the other router's loopback or serial address
 tunnel destination 3.3.3.3
 no shut

router ospf 1
 ! or similar for the routing protocol you use
 network 192.168.24.0 0.0.0.3 area 0

This will allow all traffic on the one LAN to talk to the other LAN. If
you find that the response is not very good, you might think of using
an access-list to limit the devices/protocols that can use the tunnel.

Do a "show interface tunnel 0"; the interface should be in an up/up
state.

Option 2:

On Router 1:

ip cef

crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 10.10.10.2

crypto ipsec transform-set cisco esp-seal esp-sha-hmac

crypto map cisco 10 ipsec-isakmp
 set peer 10.10.10.2
 set transform-set cisco
 match address 100

! your internet-facing interface
interface Serial 0
 crypto map cisco

access-list 100 permit ip 172.18.124.0 0.0.0.255 20.20.20.0 0.0.0.255

Router 2:

ip cef

crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 10.10.10.1

crypto ipsec transform-set cisco esp-seal esp-sha-hmac

crypto map cisco 10 ipsec-isakmp
 set peer 10.10.10.1
 set transform-set cisco
 match address 100

! internet-facing interface
interface serial 0
 crypto map cisco

access-list 100 permit ip 20.20.20.0 0.0.0.255 172.18.124.0 0.0.0.255

This is just some sample config and you may have to change the addresses
to fit in with your company addresses.

Please contact me if you need any further help.
Regards,

Daniel
www.CherryFive.com
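
An offline check for the weak points in the configurations posted in this thread, added here as an example and not part of any post: it flags PPTP dial-in, a GRE tunnel without IPsec protection, MD5 and DH group 1/2 in an ISAKMP policy, and a short pre-shared key. The function name, the 16-character key threshold and the assumption that commands are typed unabbreviated are choices made for this example.

```python
import re

# Constructed input: Router 1 fragments from the thread, unindented as posted.
SAMPLE = """\
vpdn-group 1
accept-dialin
protocol pptp
interface tunnel 0
tunnel destination 4.4.4.4
crypto isakmp policy 1
encr aes 256
hash md5
group 2
crypto isakmp key cisco123 address 10.10.10.2
"""

# Keywords that open a new section; posts lose indentation, so use these.
SECTION = re.compile(r"(interface|crypto|vpdn-group|router|access-list)\s", re.I)

def audit(config, min_psk_len=16):  # min_psk_len: assumed local policy value
    """Return (section, finding) pairs for weak VPN settings in IOS config."""
    findings, section, tunnels = [], "", {}
    for line in (l.strip() for l in config.splitlines()):
        low = line.lower()
        if SECTION.match(line):
            section = low
            if re.match(r"interface tunnel\s*\d+", low):
                tunnels[section] = False  # no IPsec protection seen yet
            key = re.match(r"crypto isakmp key (\S+) address", low)
            if key:
                section = "crypto isakmp key"  # never echo the secret itself
                if len(key.group(1)) < min_psk_len:
                    findings.append((section, "short pre-shared key"))
        elif section.startswith("crypto isakmp policy"):
            if low == "hash md5":
                findings.append((section, "IKE hash is MD5"))
            grp = re.fullmatch(r"group (\d+)", low)
            if grp and grp.group(1) in ("1", "2"):
                findings.append((section, "DH group %s is 1024-bit or less" % grp.group(1)))
        elif section.startswith("vpdn-group") and low == "protocol pptp":
            findings.append((section, "PPTP dial-in enabled"))
        elif section in tunnels and low.startswith("tunnel protection ipsec"):
            tunnels[section] = True
    findings += [(t, "GRE tunnel has no 'tunnel protection ipsec'")
                 for t, ok in tunnels.items() if not ok]
    return findings

if __name__ == "__main__":
    print(*("%s: %s" % f for f in audit(SAMPLE)), sep="\n")
```
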


