How can I remotely connect a cisco VPN tunnel?

Asked by ctrolz in Cisco PIX Firewall, Virtual Private Networking (VPN), Network Routers

Tags: Cisco, Cisco 851 router, 12.4

I have a project that includes 6 sites to connect to my home office. I used a combination of the SDM and CLI to configure an Easy VPN server (Cisco 2821) at the home office and Easy VPN remote (Cisco 851) on the 6 remote sites. These were all configured at the home office and have been shipped to the sites. The VPN config on the remote sites was configured as network extensions with the xauth credentials saved to the router, and the tunnel was set to auto. While testing I can bring up the tunnel with the SDM by using the test tunnel option, which then prompts me for an SSH user and then the xauth user id and password. Since I will not have any way to get to the SDM on the remote sites, I would like to know how I can bring up these tunnels via SSH on the server or remote side, or if there is a way to truly allow auto.
Here is an example of one of the Remote side Cisco 851 RTR configs
 
Current configuration : 5356 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco_262
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$iZO1$ocKJqH.HM90nEnL/6U9/V/
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-551209250
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-551209250
 revocation-check none
 rsakeypair TP-self-signed-551209250
!
!
crypto pki certificate chain TP-self-signed-551209250
 certificate self-signed 01
  30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 35353132 30393235 30301E17 0D303830 37303831 34313834
  395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3535 31323039
  32353030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  B89DA5CF AB30DFCE D8C99106 01D0524F 9C8D355E 5A087F43 802589D5 6C262502
  38854A4A FB74E768 A1A24D0C B051FE5D A5827C0E 6000988C CBC03E20 8B650834
  501E7BFA 2C6D0685 FD27E09A 17ECB889 05532486 307E0A59 2AEBE67B 65272BDD
  23A08A36 02521CFD 89040254 DCDF00F5 76CB1CE3 537221E6 81EF4B06 FB93B3F9
  02030100 01A37D30 7B300F06 03551D13 0101FF04 05300301 01FF3028 0603551D
  11042130 1F821D43 6973636F 5F323632 2E757374 6F626163 636F6661 726D6572
  2E636F6D 301F0603 551D2304 18301680 14F33410 DBEF06B7 F141EC73 76F6733A
  B648E6A8 F8301D06 03551D0E 04160414 F33410DB EF06B7F1 41EC7376 F6733AB6
  48E6A8F8 300D0609 2A864886 F70D0101 04050003 81810015 B4B479E6 7D15F638
  A8002175 773DB5BF 94193994 3FC95FCB 07CF8D9C 49FA44FF 35D3AA9B 399EBA39
  D234EF5F 87E7FB65 30BC156E 6B8F76C2 A1E4C56A 88DEF99C 031123B1 25E023C6
  B4C5A76C F2CCD486 512375DD 244EF4B9 8CED0F60 BF83AF7E E9CD6598 97751EE5
  DA06673F 4C8083A7 F9376E3C 09899956 BB82282D 306D23
        quit
no ip source-route
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
ip domain name ustobaccofarmer.com
ip name-server 63.162.197.69
ip name-server 63.162.197.99
!
!
!
username az privilege 15 secret 5 
username whse secret 5 
!
!
!
crypto ipsec df-bit clear
!
!
!
crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
 connect auto
 group warehouse key $$$$$$
 mode network-extension
 peer 70.62.122.162
 username $$$$ password 6 $$$$$$
 xauth userid mode local
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 71.48.XXX.XX 255.255.255.XXX
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
!
interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.11.1.1 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 ip tcp adjust-mss 1300
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1 inside
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 71.48.XXX.XX 2
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 120 interface FastEthernet4 overload
!
ip access-list extended VPN
 permit ip 10.11.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.11.0.0 0.0.255.255
no cdp run
!
control-plane
!
 
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
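Before routers like the one above are shipped to six unattended sites, a practitioner would want a repeatable check of the settings the question turns on: whether the Easy VPN remote will come up with nobody present (connect auto plus saved xauth credentials), whether the client is bound to exactly one outside and at least one inside interface, and what the management plane that will be used over SSH looks like. The script below is an added example written for this thread; it is not the accepted solution, not the asker's code and not a Cisco tool. It parses an IOS running-config into top-level blocks and reports findings on a constructed excerpt of the posted config (secrets and the WAN address kept as redacted on the page): saved xauth credentials with connect auto, the ezvpn interface binding, telnet still accepted on the vty lines, plaintext HTTP left on for SDM, no AAA, and the ACLs 23 and 120 that are referenced by `ip http access-class` and `ip nat inside source list` but never defined in the posted config. The finding codes are names chosen here, not IOS terms.

```python
"""Audit a Cisco IOS running-config for Easy VPN remote and management-plane settings."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the Cisco 851 config posted above; secrets are redacted on the page.
SAMPLE_CONFIG = """\
no aaa new-model
crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
 connect auto
 mode network-extension
 username $$$$ password 6 $$$$$$
 xauth userid mode local
!
interface FastEthernet4
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1
!
interface Vlan1
 crypto ipsec client ezvpn SDM_EZVPN_CLIENT_1 inside
!
ip http server
ip http access-class 23
ip nat inside source list 120 interface FastEthernet4 overload
ip access-list extended VPN
 permit ip 10.11.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 1 permit 10.11.0.0 0.0.255.255
line vty 0 4
 login local
 transport input telnet ssh
"""

def parse_sections(config: str) -> Dict[str, List[str]]:
    """{top-level line: [indented child lines]}; '!' or a blank line closes a block."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
        elif raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.rstrip()
            sections.setdefault(current, [])
    return sections

def defined_acls(sections: Dict[str, List[str]]) -> set:
    """ACL numbers/names from 'access-list N ...' and 'ip access-list standard|extended NAME'."""
    acls = set()
    for line in sections:
        m = (re.match(r"access-list (\S+) ", line)
             or re.match(r"ip access-list (?:standard|extended) (\S+)", line))
        if m:
            acls.add(m.group(1))
    return acls

def audit_config(config: str) -> List[Tuple[str, str]]:
    sections = parse_sections(config)
    findings: List[Tuple[str, str]] = []
    ifaces = {h: b for h, b in sections.items() if h.startswith("interface ")}
    # Easy VPN remote: 'connect auto' plus a saved xauth username/password re-authenticates
    # unattended, so whoever holds the config (type 6 is reversible) holds the VPN login.
    for header, body in sections.items():
        m = re.fullmatch(r"crypto ipsec client ezvpn (\S+)", header)
        if not m:
            continue
        name = m.group(1)
        if "connect auto" in body and any(l.startswith("username ") for l in body):
            findings.append(("EZVPN_STORED_XAUTH", f"{name}: connect auto with saved xauth credentials"))
        outside = [h for h, b in ifaces.items() if f"crypto ipsec client ezvpn {name}" in b]
        inside = [h for h, b in ifaces.items() if f"crypto ipsec client ezvpn {name} inside" in b]
        if len(outside) != 1 or not inside:  # want one outside and at least one inside
            findings.append(("EZVPN_BINDING", f"{name}: outside={outside} inside={inside}"))
    # Management plane: cleartext protocols left enabled and no AAA.
    for header, body in sections.items():
        if header.startswith("line vty"):
            for line in body:
                if line.startswith("transport input") and "telnet" in line.split():
                    findings.append(("VTY_TELNET", f"{header}: {line} (cleartext management)"))
    if "ip http server" in sections:
        findings.append(("HTTP_PLAINTEXT", "ip http server: SDM over cleartext HTTP; prefer secure-server only"))
    if "no aaa new-model" in sections:
        findings.append(("NO_AAA", "no aaa new-model: local logins only, no central auth/accounting"))
    # ACLs referenced but never defined: the restriction the operator expects is not in
    # effect as written, so flag it for review rather than trust the reference.
    acls = defined_acls(sections)
    for header in sections:
        for pattern, what in ((r"ip http access-class (\S+)", "ip http access-class"),
                              (r"ip nat inside source list (\S+) ", "ip nat inside source list")):
            m = re.match(pattern, header)
            if m and m.group(1) not in acls:
                findings.append(("DANGLING_ACL", f"{what} references ACL {m.group(1)}, which is not defined"))
    return findings

if __name__ == "__main__":
    print(*audit_config(SAMPLE_CONFIG), sep="\n")
```

Run it against the output of `show running-config` captured over SSH from each router; because the codes are fixed strings, the reports from the six sites can be diffed against each other before the units leave the home office.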
Accepted Solution (07/12/08 11:22 AM, ID: 21989963)
Solution Provided By: arnold
Participating Experts: 1
Solution Grade: A
 
Expert Comment (07/12/08 09:48 AM, ID: 21989714)
Author Comment (07/12/08 10:15 AM, ID: 21989790)
Author Comment (07/13/08 04:08 PM, ID: 21994679)