Router to 3030 Concentrator VPN Help Request

Router to 3030 Concentrator VPN Help Request

Post by Arnol » Tue, 14 May 2002 08:03:10



I've got to build a split-tunnel VPN solution tomorrow, and I'm having
trouble finding good config examples.  I wonder if a kind soul would be
willing to give me a high-level overview, and perhaps post the config files
for the router.

Here's the situation:

Remote office:  Has ISDN connection, and  I bought an 802 router.

Corporate office: Has 1720 router and a 3030 concentrator.

The goal is to set it up so that any "company" traffic is encrypted between
the 802 and the 3030.  Any "non-company" traffic at the remote site should
just go straight out through the ISP to the Internet unencrypted.

On the remote (802) side:  Do I have to set up a crypto-map?  If we are
using PAT, do I have to create a route-map that says "don't use NAT/PAT for
routes between the two company sites"?   Do I have to set up any crypto keys
or anything like that?

On the corporate side, how do I set up the 3030?  For individual users, I
just set up an account and password.  How does this work for a remote
device, such as a router?

Anything advice you can offer will be greatly appreciated.

Thanks,
A

 
 
 

Router to 3030 Concentrator VPN Help Request

Post by Jeff » Wed, 15 May 2002 12:08:43


There are examples for all of this here:

www.cisco.com/warp/public/707

Set aside a little time to see what is available before you jump in - a
little planning and preparation will save you a lot of time.

Good luck.

Jeff


> I've got to build a split-tunnel VPN solution tomorrow, and I'm having
> trouble finding good config examples.  I wonder if a kind soul would be
> willing to give me a high-level overview, and perhaps post the config files
> for the router.

> Here's the situation:

> Remote office:  Has ISDN connection, and  I bought an 802 router.

> Corporate office: Has 1720 router and a 3030 concentrator.

> The goal is to set it up so that any "company" traffic is encrypted between
> the 802 and the 3030.  Any "non-company" traffic at the remote site should
> just go straight out through the ISP to the Internet unencrypted.

> On the remote (802) side:  Do I have to set up a crypto-map?  If we are
> using PAT, do I have to create a route-map that says "don't use NAT/PAT for
> routes between the two company sites"?   Do I have to set up any crypto keys
> or anything like that?

> On the corporate side, how do I set up the 3030?  For individual users, I
> just set up an account and password.  How does this work for a remote
> device, such as a router?

> Anything advice you can offer will be greatly appreciated.

> Thanks,
> A


 
 
 

1. 831 Routers, VPN to 3030 Concentrator and authenticate with ACS ?

OK.. I am about to roll out 30+ 831 routers to home users, setting them
up to VPN into our 3030 concentrator.  Initially I thought I would have
to set them up manually, and know the IP address of the home user given
to them by their ISP.

Now I am wondering if I can't just configure the 831's in such a way
that it does not matter if the end user has a static or dynamic IP
address from their ISP.  Instead I could maybe set the 831's up
similiar to a VPN software client, where the 831 has a username and
password that they can use to authenticate with the 3030 concentrator
and ACS ?

Does that make any sense?  I have only done router to pix VPN tunnels
before and I needed to know the static IP of the router to configure
the pix so they would create a VPN session with each other.

Not sure if this is do-able, not sure if the 831 has something built in
to the IOS to allow for a setup like this.  I will keep digging but
thought I would post here to see what others have to say.

2. V9938 256-color demo

3. FreeS/WAN and Cisco 3030 VPN Concentrator

4. Can my former employer legally use my old email account?

5. CISCO Concentrator VPN 3030 error

6. Toshiba Satellite Laptop Video Problem

7. 3030 VPN concentrator

8. Fatal Error when try installing IPC5 on SMS2.0 SP3

9. Weird Routing Issue with 3030 VPN Concentrator

10. CISCO Concentrator VPN 3030 error

11. FreeS/WAN and Cisco 3030 VPN Concentrator

12. VRRP on 3030 concentrator

13. Can't get Internet Access when connected via 3030 concentrator