Newbie: Cisco 2801 as PPTP Client

Discussion in 'Cisco' started by Charles de Lorena, Jan 24, 2005.

  1. Can the Cisco 2801 be used as a PPTP client, or do I need a Cisco PIX?
    I want my users in the LAN to be connected to a VPN without creating a
    'network dial-up connection' on each PC.

    Thanks.
    Charles.
     
    Charles de Lorena, Jan 24, 2005
    #1

  2. Charles,
    Good day. Yes, you can use the router for Site-to-Site VPN, you might
    just want to check the version of software you have running to ensure
    that it supports a VPN. If it does not and you cannot afford the
    upgrade (recommended), you can use several other "vpn" methods to
    ensure site-to-site security, such as GRE tunnels, but they are not as
    secure. Check the product documentation here:
    http://www.cisco.com/en/US/products/ps5854/products_data_sheet0900aecd8016fa68.html
    Regards,
    Daniel
    www.CherryFive.com

     
    Daniel Prinsloo - www.CherryFive.com, Jan 24, 2005
    #2

  3. Thanks Daniel.

    IOS version: 12.3(8)T4
    scenario:

    My Office Anywhere
    |----------------------------------| |
    LAN -- c2801 (pptp client) -- inet router -- pptp server cisco 7200

    Are you sure I can configure my 2801 to connect to my 7200 via pptp? I
    don't find commands that support it?

    Thanks.

     
    Charles de Lorena, Jan 24, 2005
    #3
  4. Charles,
    I think I now understand the question. Does the cisco 7200 only support
    pptp? A site-to-site VPN using DES/3DES/AES would be better, but I know
    that some providers charge for this or it is difficult if the 7200 is
    not yours. Is the 7200 yours and do you configure it?
    Regards,
    Daniel
    www.CherryFive.com

     
    Daniel Prinsloo - www.CherryFive.com, Jan 24, 2005
    #4
  5. Daniel, the 7200 is mine, so I can configure it anytime.
    The PPTP configuration is as follows:
    ..
    ..
    ..
    vpdn-group 1
    ! Default PPTP VPDN group
     accept-dialin
      protocol pptp
      virtual-template 11

    interface Virtual-Template11
     ip unnumbered Loopback0
     no peer default ip address
     ppp authentication chap mygroup
     ppp authorization mygroup
    !
    ..
    ..
    ..

    I have also a 3600 with the same configuration
    Any ideas or cli commands?

    Thanks

     
    Charles de Lorena, Jan 24, 2005
    #5
  6. Charles,
    Good morning. This is good. We have several options to create a secure
    network between the two sites. I am listing two examples here, the
    first is a site-to-site GRE tunnel and is not the most secure, but will
    work on most versions of software. The second is using a vpn tunnel,
    but may not be supported on all versions of software.

    So, here is the first, you may need to change your IP addresses to fit
    in with your site:

    On Router 1:

    interface tunnel 0
     ! use an unused private address
     ip address 192.168.24.1 255.255.255.252
     ! if you have one - you can also use the serial address
     tunnel source Loopback0
     ! the ip address of the other router loopback or serial address
     tunnel destination 4.4.4.4
     no shut

    router ospf 1
     ! or similar for your routing protocol you use
     network 192.168.24.0 0.0.0.3 area 0

    On Router 2:

    interface tunnel 0
     ! use an unused private address
     ip address 192.168.24.2 255.255.255.252
     ! if you have one - you can also use the serial address
     tunnel source Loopback0
     ! the ip address of the other router loopback or serial address
     tunnel destination 3.3.3.3
     no shut

    router ospf 1
     ! or similar for your routing protocol you use
     network 192.168.24.0 0.0.0.3 area 0

    This will allow all traffic on the one LAN to talk to the other LAN. If
    you find that the response is not very good, you might think of using
    an access-list to limit the devices/protocols that can use the tunnel.

    Do a "show interface tunnel 0", the interface should be in an up/up
    state.

    Option 2:

    On Router 1:

    ip cef

    crypto isakmp policy 1
     encr aes 256
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key cisco123 address 10.10.10.2

    crypto ipsec transform-set cisco esp-seal esp-sha-hmac

    crypto map cisco 10 ipsec-isakmp
     set peer 10.10.10.2
     set transform-set cisco
     match address 100

    ! your internet facing interface
    interface Serial 0
     crypto map cisco

    access-list 100 permit ip 172.18.124.0 0.0.0.255 20.20.20.0 0.0.0.255

    Router 2:

    ip cef

    crypto isakmp policy 1
     encr aes 256
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key cisco123 address 10.10.10.1

    crypto ipsec transform-set cisco esp-seal esp-sha-hmac

    crypto map cisco 10 ipsec-isakmp
     set peer 10.10.10.1
     set transform-set cisco
     match address 100

    ! internet facing interface
    interface serial 0
     crypto map cisco

    access-list 100 permit ip 20.20.20.0 0.0.0.255 172.18.124.0 0.0.0.255

    This is just some sample config and you may have to change addresses to
    fit in with your company addresses.

    Please contact me if you need any further help.
    Regards,

    Daniel
    www.CherryFive.com
     
    Daniel Prinsloo - www.CherryFive.com, Jan 26, 2005
    #6
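
A consistency check for the two Option 2 configurations in the post above, added here as an example and not part of the original thread: both IPsec peers must agree on the ISAKMP policy, pre-shared key and transform-set, and their crypto ACLs must mirror each other. The function names are hypothetical, the sample strings are constructed from the post's own settings, and the parser assumes only the line forms that appear in them.

```python
import re

# Constructed sample input: Option 2 from the post, one string per router.
ROUTER1 = """\
crypto isakmp policy 1
 encr aes 256
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 10.10.10.2
crypto ipsec transform-set cisco esp-seal esp-sha-hmac
access-list 100 permit ip 172.18.124.0 0.0.0.255 20.20.20.0 0.0.0.255
"""
ROUTER2 = ROUTER1.replace("10.10.10.2", "10.10.10.1").replace(
    "172.18.124.0 0.0.0.255 20.20.20.0 0.0.0.255",
    "20.20.20.0 0.0.0.255 172.18.124.0 0.0.0.255")

# IKE phase 1 settings generally treated as deprecated today.
WEAK = {"hash md5": "MD5 hash", "group 1": "768-bit DH group",
        "group 2": "1024-bit DH group", "encr des": "single DES"}

def parse(cfg):
    """Extract the settings that both IPsec peers have to agree on."""
    policy = re.findall(r"^[ \t]*(encr \S+(?: \d+)?|hash \S+|authentication \S+"
                        r"|group \d+)[ \t]*$", cfg, re.M)
    keys = re.findall(r"^crypto isakmp key (\S+) address \S+", cfg, re.M)
    tsets = re.findall(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M)
    acls = re.findall(r"^access-list \d+ permit ip (\S+ \S+) (\S+ \S+)[ \t]*$",
                      cfg, re.M)
    return policy, keys, tsets, acls

def audit_pair(cfg_a, cfg_b):
    """Return a list of findings for a pair of peer configurations."""
    (pol_a, key_a, ts_a, acl_a), (pol_b, key_b, ts_b, acl_b) = parse(cfg_a), parse(cfg_b)
    findings = []
    if pol_a != pol_b:
        findings.append("ISAKMP policies differ")
    if key_a != key_b:
        findings.append("pre-shared keys differ")
    if ts_a != ts_b:
        findings.append("transform-sets differ")
    # Each side's crypto ACL must be the other's with source and destination swapped.
    if sorted((dst, src) for src, dst in acl_a) != sorted(acl_b):
        findings.append("crypto ACLs are not mirror images")
    findings += [f"weak IKE setting: {s} ({WEAK[s]})" for s in pol_a if s in WEAK]
    return findings

if __name__ == "__main__":
    for line in audit_pair(ROUTER1, ROUTER2):
        print(line)
```
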