VPN: Linksys WRV54G to Pix

I've got a Linksys WRV54G at home with VPN abilities. I was wondering if
it's possible to connect to my workplace (Cisco 506) with it? Anybody tried
this?

BG

 

You just need to make sure that NAT passthru is enabled...which is the
default for the Linksys.

I've done it to a 501 at my work with no problems.

Craig

 

:> I've got a Linksys WRV54G at home with VPN abilities. I was wondering if
:> it's possible to connect to my workplace (Cisco 506) with it? Anybody tried
:> this?

:You just need to make sure that NAT passthru is enabled...which is the
:default for the Linksys.

:I've done it to a 501 at my work with no problems.

Chris, I'm not sure that you answered the question that the OP asked.
Are you saying that:

a) you have been able to get the Cisco VPN client to work through
a Linksys device to a PIX 501?

b) you have been able to get the internal IP address range of your
LAN through a VPN tunnel between a Linksys and a PIX 501, over to the
remote LAN?

c) you have been able to use "lan extension mode" (L2TP) to have
your local LAN be a part of the remote LAN on a VPN tunnel built
between a Linksys and a PIX 501?

d) you have been able to have your local LAN NAT'd as you go through
a VPN tunnel built between a Linksys and a PIX 501 (such as would
be needed if the local LAN and the remote LAN used the same internal
address ranges)?

e) you have been able to have your Linksys build a VPN tunnel to a PIX 501
complete with using NAT-T (NAT Traversal) in order to support end-to-end
AH, or in order to have ESP get through a network that filters ESP,
or through a network that would otherwise interfere with IPsec?


I'm not sure exactly what you mean by "NAT passthru": it sounds more
like NAT Traversal to me than it sounds like "turn off NAT'ing so that
local IP addresses get through to the remote end", but as shown above
I can see other potential meanings as well. As I interpret things,
the OP is asking whether an IPSec tunnel can be built between a
Linksys WRV54G and a PIX 506; I'm not sure from your terminology
whether you answered that or not?

 

Chris, I assume you meant you have stablished a tunnel between the Linksys
and the 501, not just using a Cisco VPN client through it? The reason I ask
is that I see that WRV54G "is capable of 50 VPN tunnels" and that I can set
algorithms like IKE and IPSEC lifetime, preshared keys etc....



BG

--



Regards,
Bjorn G

 

~ I've got a Linksys WRV54G at home with VPN abilities. I was wondering if
~ it's possible to connect to my workplace (Cisco 506) with it? Anybody tried
~ this?
~
~ BG
~

You should be able to set up a static IPsec tunnel between a Linksys
VPN router and a PIX. Our websites don't have an examples of
this per se, but you can see a discussion at http://www.experts-exchange.com/Networking/Q_21144451.html .

Cheers,

Aaron

 

I've set up tunnels between my Linksys befvp41 and a pix 525, nortel
contivity 1700, nokia ip330/checkpoint and native MS ipsec with no problems.
Here's the pix side of the tunnel.

---172.26.4.0 net in my house
---192.168.101.0 net in remote location
---XX.XX.XX.XX is ip address of my house

access-list nonat_vpn permit ip 192.168.101.0 255.255.255.0 172.26.4.0
255.255.255.0

access-list 20 permit ip 192.168.101.0 255.255.255.0 172.26.4.0
255.255.255.0

nat (inside) 0 access-list nonat_vpn

crypto ipsec transform-set hogan esp-3des esp-sha-hmac
crypto map wtmap 1 ipsec-isakmp
crypto map wtmap 1 match address 20
crypto map wtmap 1 set pfs
crypto map wtmap 1 set peer XX.XX.XX.XX
crypto map wtmap 1 set transform-set hogan
crypto map wtmap interface outside

isakmp enable outside
isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 1
isakmp policy 1 lifetime 28800

I can post screenshots from the Linksys if you want. Just make sure isakmp
group matches, authentication and encryption match, and PFS matches.

 

Thanks!

I'll start working on it tonight....



BG

 

Hello,

I have also a PIX 501 and a WRV54G.
When I connect to the PIX with Cisco's VPN client it works fine.

I'll connect two domains with VPN, the WRV54G needs to be connecting to the PIX and set-up a VPN tunnel.
I have used the settings that U have post but the WRV54G sty saying Waiting for connection .
My Tunnel config in the WRV is:
VPN Tunnel: Enabled

Local Secure Group (subnet)
192.168.1.0
255.255.255.0

Remote Secure Group (subnet)
172.16.23.0
255.255.255.0

Remote Secure Gateway (IP addr.)
Public IP address of the PIX

Encryption:
3DES

Authentication:
SHA1

Key Exchange Method:
AUTO(IKE)

PFS:
Enabled

Pre-Shared Key:
Some key...... (the same ass in the PIX)

Key Lifetime :
28000

Advanced VPN Tunnel Setup:
Nothings changed

Phase 2:
Group 768-bit (is group 1 like PIX settings)


What’s the config for the WRV? Or what can be wrong??

Dennis