1720 VPN - How? 1

[bezking]

How might I set up a 1720 as a VPN appliance? Also, does the unit need to be in use as a router or can I just use the LAN port and route VPN traffic to it?

THANKS!

 

[burtsbees]

SDM WILL SET THIS UP FOR YOU. iT IS FREE FROM cISCO.COM, WITH FREE REGISTRATION.

bURT

 

[supatech]

sdm can do it but hitting the command line isn't that hard do a search for cisco easy vpn you can setup all types of vpns and as the name states its Easy

CCNA MCSE MCP NET+ A+ Security+

 

[burtsbees]

http://www.tek-tips.com/viewthread.cfm?qid=1446922&page=1

It's a 2610, but the same way.

Burt

 

[bezking]

Thanks Guys. I'll check these out and advise.

 

[bezking]

The SDM says the 1720 is unsupported, I'll check that thread you posted.

 

[burtsbees]

You're right---sorry.

Burt

 

[bezking]

Burt - the router won't accept some of the commands in that link.

I give up - I'll just get a VPN3000 on ebay. Thanks for the suggestions.

 

[burtsbees]

Just popst a sh ver to see what your IOS supports. I wouldn't get a concentrator---don't give up THAT easy. This can be done...

Burt

 

[bezking]

Here it is...

#sh ver
Cisco Internetwork Operating System Software 
IOS (tm) C1700 Software (C1700-K9O3SY7-M), Version 12.2(4)T1,  RELEASE SOFTWARE (fc1)
TAC Support: [URL unfurl="true"]http://www.cisco.com/tac[/URL]
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Thu 25-Oct-01 19:50 by ccai
Image text-base: 0x800080E0, data-base: 0x80C4F454

ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)

cvpn01 uptime is 52 minutes
System returned to ROM by power-on
System image file is "flash:c1700-k9o3sy7-mz.122-4.T1.bin"

cisco 1720 (MPC860) processor (revision 0x601) with 26215K/6553K bytes of memory.
Processor board ID JAD054907R1 (2445330522), with hardware revision 0000
M860 processor: part number 0, mask 32
Bridging software.
X.25 software, Version 3.0.0.
1 Ethernet/IEEE 802.3 interface(s)
1 FastEthernet/IEEE 802.3 interface(s)
1 Virtual Private Network (VPN) Module(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
          
Configuration register is 0x2102

 

[burtsbees]

On Cisco's site...

Supported Platforms

•Cisco 1720

•Cisco 1750
Prerequisites

Before you can enable the VPN feature on Cisco 1720 or Cisco 1750 routers, the VPN module must be installed and running one of the following Cisco IOS images with IPSec functionality:

•c1700-sy56i-mz

•c1700-o3sy56i-mz

•c1700-k2sy-mz

•c1700-k2o3sy-mz

•c1700-bno3r2sy56i-mz

•c1700-bk2no3r2sy-mz

•c1700-sv3y56i-mz

•c1700-o3sv3y56i-mz

•c1700-k2sv3y-mz

•c1700-k2o3sv3y-mz

•c1700-bno3r2sv3y56i-mz

•c1700-bk2no3r2sv3y-mz

What commands is it not taking? You should still be able to do a remote access VPN server in that, WITHOUT the VPN Module card in it...

Burt

 

[bezking]

It won't take this:

cvpn01(config)#crypto isakmp client configuration group xxxxxx
                                                  ^
% Invalid input detected at '^' marker.

cvpn01(config)#

 

[burtsbees]

cvpn01(config)#crypto isakmp client configuration ?

Post what it says.

Burt

 

[bezking]

cvpn01(config)#crypto isakmp client configuration ?
  address-pool  Set network address for client

cvpn01(config)#crypto isakmp client configuration

 

[burtsbees]

Is the VPN module still in it? Take it out!

Burt

 

[burtsbees]

How many users are you going to try and connect?

Burt

 

[bezking]

3 Users only... I'll begin the dissection... Now where did I leave my antistatic wristband?!

 

[bezking]

OK, so here's one.
I pulled the VPN module, and now I can't log in to the router!
What happened?

 

[burtsbees]

What do you mean?

Burt

 

[bezking]

The router uses AAA.
When I get the login prompt it will take my username, but not my password.