Cisco 801 to Pix506

Status
Not open for further replies.

youngneil

Technical User
Sep 4, 2003
10
NO
I have an 801 ISDN router that dials the ISP (dynamic) that I want to connect to a Pix 506 by creating a VPN tunnel. I have set up several tunnels to the 506 already, but with 501s with static addresses.

Does anyone have config examples of this scenario? I was wondering if I could just use DES and pre-shared key and configure the 506 like the 801 is a simple Cisco VPN Client?

Please help!
 
You can find them on the feature I think you are looking for is easy vpn client in network extension mode. Also you could use it in client mode, which will make the 801 look like a regular vpn client: i.e. ip address assigned for PAT, so no backwards traffic from your lan.
Also the pix needs to have vpngroup configuration and the IOS needs to be quite new.

Jan
 
Client mode, exactly. I want to make it very simple. The IOS is v12.3(1a) by the way (Pix 6.3(1)).

But then I need to put the router in a VPN group (like a Cisco VPN Client). Is that possible?
 
It is possible, but the config in dshinde's note is for a pix-to-pix lan-to-lan with clients.

You need to run the router as a regular Easy VPN Client, and yes the router needs to know the group and password of your vpngroup; you would prolly make one just for the router. In network extension mode the pix will automatically learn the ip net behind your router, and route the encrypted traffic to it. You can try to look at this example:

---------801 Router ----------------------------------
crypto ipsec client ezvpn VPN
 group <groupname> key <key>
 mode network-extension
 peer <pix ip adr outside>
!
! e0 here stands for the outside interface on your router
interface e0
 crypto ipsec client ezvpn VPN

 
I am obviously on thin ice here, but I GOT to make this work. I am puzzled by especially one line here:

crypto ipsec client ezvpn VPN

It looks very "non-IOS", and in any case the 801 really doesn't like "client" very much... Am I missing something very obvious here?
 
I think you need a "T" release for this to work, and probably a rather new one.

Jan
 
Aha! OK, I'll get a new ("T") IOS tomorrow and see if I'll get this to work. Would be fab if I could set up ISDN routers this way and configure the Pix as if it's a regular Cisco VPN Client.

Thanx!
 
I got the IOS ver. 12.2(15)T7 and still can't get the router to accept "crypto ipsec client ezvpn VPN" or "group <groupname> key <key>" in global or interface mode. Is the IOS still not correct? It's getting a bit frustrating this...

Is this version (T7) not a "real" "T" release? Please help!
 