VPN: Linksys WRV54G to Pix

Discussion in 'Cisco' started by BG, Oct 11, 2004.

  1. BG

    BG Guest

    I've got a Linksys WRV54G at home with VPN abilities. I was wondering if
    it's possible to connect to my workplace (Cisco 506) with it? Anybody tried
    this?

    BG
     
    BG, Oct 11, 2004
    #1

  2. BG

    Craig B. Guest

    You just need to make sure that NAT passthru is enabled...which is the
    default for the Linksys.

    I've done it to a 501 at my work with no problems.

    Craig
     
    Craig B., Oct 11, 2004
    #2

  3. :> I've got a Linksys WRV54G at home with VPN abilities. I was wondering if
    :> it's possible to connect to my workplace (Cisco 506) with it? Anybody tried
    :> this?

    :You just need to make sure that NAT passthru is enabled...which is the
    :default for the Linksys.

    :I've done it to a 501 at my work with no problems.

    Chris, I'm not sure that you answered the question that the OP asked.
    Are you saying that:

    a) you have been able to get the Cisco VPN client to work through
    a Linksys device to a PIX 501?

    b) you have been able to get the internal IP address range of your
    LAN through a VPN tunnel between a Linksys and a PIX 501, over to the
    remote LAN?

    c) you have been able to use "lan extension mode" (L2TP) to have
    your local LAN be a part of the remote LAN on a VPN tunnel built
    between a Linksys and a PIX 501?

    d) you have been able to have your local LAN NAT'd as you go through
    a VPN tunnel built between a Linksys and a PIX 501 (such as would
    be needed if the local LAN and the remote LAN used the same internal
    address ranges)?

    e) you have been able to have your Linksys build a VPN tunnel to a PIX 501
    complete with using NAT-T (NAT Traversal) in order to support end-to-end
    AH, or in order to have ESP get through a network that filters ESP,
    or through a network that would otherwise interfere with IPsec?


    I'm not sure exactly what you mean by "NAT passthru": it sounds more
    like NAT Traversal to me than it sounds like "turn off NAT'ing so that
    local IP addresses get through to the remote end", but as shown above
    I can see other potential meanings as well. As I interpret things,
    the OP is asking whether an IPSec tunnel can be built between a
    Linksys WRV54G and a PIX 506; I'm not sure from your terminology
    whether you answered that or not?
     
    Walter Roberson, Oct 11, 2004
    #3
  4. BG

    BG Guest

    Chris, I assume you meant you have established a tunnel between the Linksys
    and the 501, not just using a Cisco VPN client through it? The reason I ask
    is that I see that WRV54G "is capable of 50 VPN tunnels" and that I can set
    algorithms like IKE and IPSEC lifetime, preshared keys etc....



    BG

    --



    Regards,
    Bjorn G
     
    BG, Oct 12, 2004
    #4
  5. ~ I've got a Linksys WRV54G at home with VPN abilities. I was wondering if
    ~ it's possible to connect to my workplace (Cisco 506) with it? Anybody tried
    ~ this?
    ~
    ~ BG
    ~

    You should be able to set up a static IPsec tunnel between a Linksys
    VPN router and a PIX. Our websites don't have any examples of
    this per se, but you can see a discussion at http://www.experts-exchange.com/Networking/Q_21144451.html .

    Cheers,

    Aaron
     
    Aaron Leonard, Oct 12, 2004
    #5
  6. BG

    speakeasy Guest

    I've set up tunnels between my Linksys befvp41 and a pix 525, nortel
    contivity 1700, nokia ip330/checkpoint and native MS ipsec with no problems.
    Here's the pix side of the tunnel.

    ---172.26.4.0 net in my house
    ---192.168.101.0 net in remote location
    ---XX.XX.XX.XX is ip address of my house

    access-list nonat_vpn permit ip 192.168.101.0 255.255.255.0 172.26.4.0 255.255.255.0

    access-list 20 permit ip 192.168.101.0 255.255.255.0 172.26.4.0 255.255.255.0

    nat (inside) 0 access-list nonat_vpn

    crypto ipsec transform-set hogan esp-3des esp-sha-hmac
    crypto map wtmap 1 ipsec-isakmp
    crypto map wtmap 1 match address 20
    crypto map wtmap 1 set pfs
    crypto map wtmap 1 set peer XX.XX.XX.XX
    crypto map wtmap 1 set transform-set hogan
    crypto map wtmap interface outside

    isakmp enable outside
    isakmp key ******** address XX.XX.XX.XX netmask 255.255.255.255
    isakmp identity address
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption 3des
    isakmp policy 1 hash sha
    isakmp policy 1 group 1
    isakmp policy 1 lifetime 28800

    I can post screenshots from the Linksys if you want. Just make sure isakmp
    group matches, authentication and encryption match, and PFS matches.
     
    speakeasy, Oct 12, 2004
    #6
  7. BG

    BG Guest

    Thanks!

    I'll start working on it tonight....



    BG
     
    BG, Oct 13, 2004
    #7
  8. BG

    DAMnet

    Hello,

    I have also a PIX 501 and a WRV54G.
    When I connect to the PIX with Cisco's VPN client it works fine.

    I'll connect two domains with VPN; the WRV54G needs to connect to the PIX and set up a VPN tunnel.
    I have used the settings that you have posted, but the WRV54G keeps saying "Waiting for connection".
    My Tunnel config in the WRV is:
    VPN Tunnel: Enabled

    Local Secure Group (subnet)
    192.168.1.0
    255.255.255.0

    Remote Secure Group (subnet)
    172.16.23.0
    255.255.255.0

    Remote Secure Gateway (IP addr.)
    Public IP address of the PIX

    Encryption:
    3DES

    Authentication:
    SHA1

    Key Exchange Method:
    AUTO(IKE)

    PFS:
    Enabled

    Pre-Shared Key:
    Some key...... (the same as in the PIX)

    Key Lifetime :
    28000

    Advanced VPN Tunnel Setup:
    Nothing changed

    Phase 2:
    Group 768-bit (is group 1 like PIX settings)


    What’s the config for the WRV? Or what can be wrong??

    Dennis
     
    DAMnet, Aug 12, 2006
    #8
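
Added example (not written by anyone in this thread): a small Python check of the "make sure both sides match" advice from #6, run against the PIX lines posted in #6 and the Linksys values listed in #8. The dict key names, and the mapping of the single Linksys Encryption/Authentication fields and Key Lifetime onto the PIX phase 1 and phase 2 settings, are assumptions of this example.

```python
# PIX-side lines as posted in #6.
PIX_CONFIG = """\
crypto ipsec transform-set hogan esp-3des esp-sha-hmac
crypto map wtmap 1 set pfs
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 1
isakmp policy 1 lifetime 28800
"""

# Linksys-side values as listed in #8; the key names are this example's own.
LINKSYS = {"encryption": "3DES", "authentication": "SHA1", "pfs": "Enabled",
           "group_bits": 768, "key_lifetime": 28000}

DH_BITS = {"1": 768, "2": 1024, "5": 1536}   # DH group number -> modulus size
ESP_HASH = {"sha-hmac": "sha1", "md5-hmac": "md5"}

def parse_pix(text):
    """Pull the negotiable parameters out of PIX 6.x-style config lines."""
    cfg = {"pfs_group": None}
    for line in text.splitlines():
        w = line.split()
        if w[:2] == ["isakmp", "policy"] and len(w) == 5:
            cfg["ike_" + w[3]] = w[4]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            cfg["esp"] = {t[4:] for t in w[4:] if t.startswith("esp-")}
        elif w[:2] == ["crypto", "map"] and w[4:6] == ["set", "pfs"]:
            # "set pfs" with no argument means group1 on the PIX
            cfg["pfs_group"] = w[6][5:] if len(w) > 6 else "1"
    return cfg

def mismatches(pix, peer):
    """Return (field, pix_value, peer_value) for every setting that differs."""
    enc, auth = peer["encryption"].lower(), peer["authentication"].lower()
    esp_enc = sorted(pix["esp"] - set(ESP_HASH))
    esp_auth = sorted(ESP_HASH[t] for t in pix["esp"] if t in ESP_HASH)
    pfs_bits = DH_BITS.get(pix["pfs_group"])          # None when PFS is off
    peer_bits = peer["group_bits"] if peer["pfs"] == "Enabled" else None
    checks = [
        ("phase 1 encryption", pix["ike_encryption"], enc),
        ("phase 1 hash", pix["ike_hash"].replace("sha", "sha1"), auth),
        ("phase 2 encryption", esp_enc, [enc]),
        ("phase 2 authentication", esp_auth, [auth]),
        ("PFS group bits", pfs_bits, peer_bits),
        ("key lifetime", int(pix["ike_lifetime"]), peer["key_lifetime"]),
    ]
    return [c for c in checks if c[1] != c[2]]
```

On the values posted here, `mismatches(parse_pix(PIX_CONFIG), LINKSYS)` reports only the key lifetime (28800 in the PIX lines, 28000 on the Linksys page). The thread does not say whether that difference is what kept the tunnel from coming up.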