Setting up 1941 with Amazon EC2.

Discussion in 'Cisco' started by bg, Aug 12, 2010.

  1. bg

    bg Guest

    Hello all, I don't have much experience with Cisco. My company wants me
    to set up EC2 with a new 1941 router with the 15.1 IOS I believe is
    installed on there. The router is configured for internet access and
    is running. I have created the settings for Amazon using their
    document. I am just confused how that data is set up on the router
    itself. Do I just import the settings from the file I got or does
    something else need to be done?

    thanks.
     
    bg, Aug 12, 2010
    #1

  2. bg <> writes:
    >Hello all, I don't have much experience with Cisco. My company wants me
    >to set up EC2 with a new 1941 router with the 15.1 IOS I believe is
    >installed on there. The router is configured for internet access and
    >is running. I have created the settings for Amazon using their
    >document. I am just confused how that data is set up on the router
    >itself. Do I just import the settings from the file I got or does
    >something else need to be done?



    Umm, wow. These are two totally different things that make little
    sense the way you are asking things.

    Amazon EC2 is their Cloud Computing environment. I.e., you run up your
    own server instances on some virtual machines in Amazon's data centers
    somewhere around the planet. This is assuming you already have
    Internet access to get to them somewhere.

    A Cisco 1941 router routes packets from one interface to the other.

    I suppose you could buy Internet access from somebody, and utilize
    your Cisco 1941 router as a firewall type setup, so that your company
    could access the Amazon EC2 cloud, as well as the rest of the Internet.

    But that's a totally different thing than what you are asking.

    There's nothing direct that you'd be doing with Amazon EC2 to put on
    the router. It's all handled through APIs from your desktop out to the Cloud.

    As long as the router is routing packets from your LAN to the
    Internet, then it doesn't need to be touched.
     
    Doug McIntyre, Aug 12, 2010
    #2

  3. bg

    bg Guest

    Basically what I am looking to do is create the VPN connection from my
    router to the EC2. Uses BGP, IPSEC and such. I have the config file
    that needs to be put on the router.

    I don't know if anything else needs to be configured to get the VPN to
    connect except for importing the config file.
     
    bg, Aug 12, 2010
    #3
  4. bg <> writes:
    >Basically what I am looking to do is create the VPN connection from my
    >router to the EC2. Uses BGP, IPSEC and such. I have the config file
    >that needs to be put on the router.


    >I don't know if anything else needs to be configured to get the VPN to
    >connect except for importing the config file.


    Ah, VPN is the magic word.

    Looking around (since I don't have direct experience with this), it
    looks like they give you a configuration snippet in a text file that
    you have to add your site-specific info into with all the proper keys
    and addresses filled in.

    Then the easiest way to apply it to the Cisco IOS router configs is to
    ssh into the router, 'enable' yourself, and 'conf term' and
    copy-and-paste the contents of the text file into the running config of
    the router in your ssh session. There are other ways (i.e., grabbing it
    from an FTP server, etc.) but this is generally the quickest and most
    direct feedback way.

    Once you are done, then 'end' and 'copy running-config startup-config'
    to finish it up and save the configuration.
     
    Doug McIntyre, Aug 12, 2010
    #4
  5. bg

    bg Guest

    When I try to copy it my programs just crash on me. Here is an example
    of the first few lines of the data I need to import, taken from the
    file.




    match identity address 72.21.159.225
    keyring keyring-vpn-d4499lcba-0
    exit

    ! #2: IPSec Configuration
    !
    ! The IPSec transform set defines the encryption, authentication, and IPSec
    ! mode parameters.
    !
    crypto ipsec transform-set ipsec-prop-vpn-d449lcba-0 esp-aes 128 esp-sha-hmac
    mode tunnel
    exit

    ! The IPSec profile references the IPSec transform set and further defines
    ! the Diffie-Hellman group and security association lifetime.
    !
    crypto ipsec profile ipsec-prop-vpn-d449lcba-0
    set pfs group2
    set security-association lifetime seconds 3600
    set transform-set ipsec-prop-vpn-d449lcba-0
    exit
     
    bg, Aug 12, 2010
    #5
  6. bg

    Rob Guest

    bg <> wrote:
    > When I try to copy it my programs just crash on me. Here is an example
    > of the first few lines of the data I need to import, taken from the
    > file.


    Get better programs then...

    Or copy and paste it a line at a time.
    You don't need to copy the lines starting with an exclamation mark.
     
    Rob, Aug 12, 2010
    #6
  7. bg

    bg Guest

    On Aug 12, 3:47 pm, Rob <> wrote:
    > bg <> wrote:
    > > When I try to copy it my programs just crash on me. Here is an example
    > > of the first few lines of the data I need to import, taken from the
    > > file.

    >
    > Get better programs then...
    >
    > Or copy and paste it a line at a time.
    > You don't need to copy the lines starting with an exclamation mark.


    When I enter the first line
    match identity address 72.21.159.225

    I get the following error.

    % Invalid input detected at '^' marker.
     
    bg, Aug 12, 2010
    #7
  8. bg <> writes:
    >When I try to copy it my programs just crash on me. Here is an example
    >of the first few lines of the data I need to import, taken from the
    >file.


    >match identity address 72.21.159.225
    > keyring keyring-vpn-d4499lcba-0
    >exit



    It seems your configuration snippet is incomplete; 'match' is not a top
    level configuration option, it has to be within a 'crypto' block first.


    If the router is complaining about 'crypto isakmp' not being acceptable
    instead, then your router probably isn't licensed for IPSec VPNs.
    You'd have to purchase the Security License for the router to unlock
    its IPSec VPN capabilities.


    If you did buy it with the Security license (i.e., a CISCO1941-SEC/K9),
    then perhaps the license PAK hasn't been activated on the router.
     
    Doug McIntyre, Aug 12, 2010
    #8
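
The point made in post #8, that 'match' is only accepted inside a 'crypto' block, can be checked before anything is pasted into the router. The Python sketch below is an added example, not part of any post in this thread or of Amazon's file; `orphaned_commands` is a hypothetical name, and its table of sub-mode commands is an assumed subset chosen for the lines quoted in post #5.

```python
# PARENT_OF: assumed, hand-picked subset of IOS sub-mode commands (not a full grammar).
PARENT_OF = {
    "match identity": "crypto isakmp profile",
    "keyring": "crypto isakmp profile",
    "pre-shared-key": "crypto keyring",
    "mode": "crypto ipsec transform-set",
    "set pfs": "crypto ipsec profile",
    "set security-association": "crypto ipsec profile",
    "set transform-set": "crypto ipsec profile",
}
PARENTS = sorted(set(PARENT_OF.values()), key=len, reverse=True)
# Lines quoted in post #5, with the wrapped lines rejoined.
THREAD_SNIPPET = """\
match identity address 72.21.159.225
keyring keyring-vpn-d4499lcba-0
exit
! #2: IPSec Configuration
crypto ipsec transform-set ipsec-prop-vpn-d449lcba-0 esp-aes 128 esp-sha-hmac
mode tunnel
exit
crypto ipsec profile ipsec-prop-vpn-d449lcba-0
set pfs group2
set security-association lifetime seconds 3600
set transform-set ipsec-prop-vpn-d449lcba-0
exit
"""

def orphaned_commands(config_text):
    """List (line_no, command, required_parent) for sub-mode commands outside their block."""
    findings, current = [], None  # None means global configuration mode
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):  # '!' lines are comments
            continue
        if line == "exit":  # leaves the current block
            current = None
            continue
        if line.startswith("crypto "):  # opens a new block
            current = next((p for p in PARENTS if line.startswith(p + " ")), "crypto")
            continue
        for prefix, parent in PARENT_OF.items():
            if line.startswith(prefix + " ") and current != parent:
                findings.append((line_no, line, parent))
                break
    return findings

if __name__ == "__main__":
    for line_no, command, parent in orphaned_commands(THREAD_SNIPPET):
        print(f"line {line_no}: '{command}' needs an enclosing '{parent} <name>' block")
```

Run against the quoted lines, it reports the first two commands as missing their enclosing block, which matches the '% Invalid input' error in post #7.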