Solved

VPN with Cisco and Linux

Posted on 2003-12-01
Last Modified: 2010-03-19
Here is my situation and setup:

Internet --------Router A----------(E0)Router B(E1)----------LAN

Router A belongs to my ISP and they have assigned my E0 interface on Router B (Cisco 2514) a private (10.0.0.155) IP address. The E1 interface goes to my LAN. The default gateway for Router B is set to the interface on Router A (10.0.0.1).
I have a public IP and it is on some interface over at Router A, and then anything destined for my public IP gets sent to my Router B E0 interface.

I did NAT so my users can get to the net and I set up port forwarding so my www server will work.

I need to set up a VPN solution here using a Linux box or with the Cisco IOS. I will copy and paste my sh version of the router when I get it, but for now, all I know is that when I look for any VPN commands the only thing I see is VPDN. I don't know if that will work. Also, I don't think I have the IPsec or DES feature pack. I'll copy and paste as soon as I can.

Also, if I use a Linux solution, does my router need to support IPsec or any encryption?



 
Question by:rankin195
 

Author Comment

by:rankin195
ID: 9864190
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-C-L), Version 12.0(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 14-Apr-99 21:53 by ccai
Image text-base: 0x0302CBAC, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

pck2514 uptime is 13 days, 23 hours, 59 minutes
System restarted by reload
System image file is "flash:/c2500-c-l.120-4.bin"

cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 04151312, with hardware revision 00000000
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
TN3270 Emulation software.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
 16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102
LVL 2

Expert Comment

by:skyfreedomdotnet
ID: 9882632
OK, the bad news first. The Cisco 2514 router is no longer supported by Cisco and it does not offer any VPN services.
Now the good news. Setting up a VPN server on Linux will work. Now this is as long as your ISP allows IPSEC traffic through their router; you should ask and demand.
Another thing you could do is buy a concentrator, like a Cisco 3005 (http://www.cdw.com/shop/products/default.aspx?EDC=222396) or a Linksys (http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=589).
The concentrator would be my number one choice; it's easy and standalone.
Let me know if this helps, and if you have any questions, post them.

Author Comment

by:rankin195
ID: 9885835
OK, I think I am going to go the Linux way with IPSEC since it is cheaper.

What would I have to do with my router since I am doing NAT and PAT?

Does my router need IPSEC? Because I don't believe it does.

LVL 2

Accepted Solution

by:
skyfreedomdotnet earned 100 total points
ID: 9886058
No, your router does not need to support IPSEC. It will only be a passthrough.
Do this:

On your router, NAT your Linux box's private IP to the outside. Do you have a firewall? If so, allow only ports 500 (ISAKMP) tcp, 50 (ESP) tcp IN.
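
Added example, not part of the original thread: a small Python check of the Linux VPN box's firewall rules for the passthrough traffic discussed above. It relies on the facts that IKE/ISAKMP runs over UDP port 500 and that ESP is IP protocol 50 with no port number, and it also reports UDP 4500, which IPsec peers use when NAT traversal is negotiated. The rule lines are constructed sample input in iptables-save format; the interface name eth0 and the function names are assumptions.

```python
import shlex

# Constructed iptables-save style rules for the Linux IPsec box (not from the thread).
SAMPLE_RULES = """\
-A INPUT -i eth0 -p tcp -m tcp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 50 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p esp -j ACCEPT
"""

def parse_rule(line):
    """Return (proto, dport, target) for one '-A' rule; missing fields are None."""
    tok = shlex.split(line)
    def opt(*flags):
        for flag in flags:
            if flag in tok and tok.index(flag) + 1 < len(tok):
                return tok[tok.index(flag) + 1]
        return None
    return (opt("-p", "--protocol"),
            opt("--dport", "--destination-port"),
            opt("-j", "--jump"))

def audit_ipsec_passthrough(rules_text):
    """Report which IPsec flows the ACCEPT rules cover and which rules match none."""
    covered = {"ike_udp_500": False, "esp_proto_50": False, "natt_udp_4500": False}
    tcp_rules_not_needed = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line.startswith("-A "):
            continue
        proto, dport, target = parse_rule(line)
        if target != "ACCEPT" or proto is None:
            continue
        proto = proto.lower()
        if proto in ("udp", "17") and dport == "500":
            covered["ike_udp_500"] = True
        elif proto in ("udp", "17") and dport == "4500":
            covered["natt_udp_4500"] = True
        elif proto in ("esp", "50") and dport is None:
            covered["esp_proto_50"] = True
        elif proto in ("tcp", "6") and dport in ("50", "500"):
            # A TCP rule matches neither IKE (UDP) nor ESP (IP protocol 50).
            tcp_rules_not_needed.append(line)
    # UDP 4500 is reported but not required: it is only used if NAT-T is negotiated.
    missing = [k for k, ok in covered.items() if not ok and k != "natt_udp_4500"]
    return {"covered": covered, "missing": missing,
            "tcp_rules_not_needed": tcp_rules_not_needed}

if __name__ == "__main__":
    print(audit_ipsec_passthrough(SAMPLE_RULES))
```
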

Author Comment

by:rankin195
ID: 9887025
thank you