VPN with Cisco and Linux

Posted on 2003-12-01
Last Modified: 2010-03-19
Here is my situation and setup:

Internet --------Router A----------(E0)Router B(E1)----------LAN

Router A belongs to my ISP and they have assigned my E0 interface on Router B (Cisco 2514) a private (10.0.0.155) IP address. The E1 interface goes to my LAN. The default gateway for Router B is set to the interface on Router A (10.0.0.1).
I have a public IP and it is on some interface over at Router A, and then anything destined for my public IP gets sent to my Router B E0 interface.

I did NAT so my users can get to the net, and I set up port forwarding so my www server will work.

I need to set up a VPN solution here using a Linux box or with the Cisco IOS. I will copy and paste my sh version of the router when I get it, but for now, all I know is that when I look for any VPN commands the only thing I see is VPDN. I don't know if that will work. Also, I don't think I have the IPsec or DES feature pack. I'll copy and paste as soon as I can.

Also, if I use a Linux solution, does my router need to support IPsec or any encryption?



 
Question by:rankin195

Author Comment

by:rankin195
ID: 9864190
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-C-L), Version 12.0(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 14-Apr-99 21:53 by ccai
Image text-base: 0x0302CBAC, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

pck2514 uptime is 13 days, 23 hours, 59 minutes
System restarted by reload
System image file is "flash:/c2500-c-l.120-4.bin"

cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 04151312, with hardware revision 00000000
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
TN3270 Emulation software.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
 16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

Expert Comment

by:skyfreedomdotnet
ID: 9882632
OK, the bad news first. The Cisco 2514 router is no longer supported by Cisco and it does not offer any VPN services.
Now the good news. Setting up a VPN server on Linux will work. Now this is as long as your ISP allows IPSEC traffic through their router; you should ask and demand.
Another thing you could do is buy a concentrator, like a Cisco 3005 (http://www.cdw.com/shop/products/default.aspx?EDC=222396) or a Linksys (http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=589).
The concentrator would be my number one choice; it's easy and standalone.
Let me know if this helps, and if you have any questions, post them.

Author Comment

by:rankin195
ID: 9885835
OK, I think I am going to go the Linux way with IPSEC since it is cheaper.

What would I have to do with my router since I am doing NAT and PAT?

Does my router need IPSEC? 'Cause I don't believe it does.


Accepted Solution

by:
skyfreedomdotnet earned 400 total points
ID: 9886058
No, your router does not need to support IPSEC. It will only be a passthrough.
Do this:

On your router, NAT your Linux box's private IP to the outside. Do you have a firewall? If so, allow only ports 500 (ISAKMP) tcp, 50 (ESP) tcp IN.
0
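The pass-through filter discussed in the accepted answer, as an added example that is not part of the original thread: IKE (ISAKMP) is carried in UDP to port 500, while ESP is IP protocol number 50 and has no port field, so this sketch classifies raw IPv4 packets by the protocol byte first and by UDP port second. The helper names, the sample addresses (documentation ranges) and the optional NAT-T case on UDP 4500 are assumptions, not details from the posts.

```python
import socket
import struct

# IANA numbers: IKE/ISAKMP is UDP port 500; ESP and AH are IP protocols 50 and 51.
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51
IKE_PORT, NATT_PORT = 500, 4500   # 4500 = IKE/ESP wrapped in UDP (NAT traversal)

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet: 'ike', 'nat-t', 'esp', 'ah' or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4                  # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "other"
    proto = packet[9]                             # protocol byte of the IP header
    if proto in (PROTO_ESP, PROTO_AH):            # no port field exists to match on
        return "esp" if proto == PROTO_ESP else "ah"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Only the first fragment of a UDP datagram carries the port numbers.
    if proto == PROTO_UDP and frag_offset == 0 and len(packet) >= ihl + 4:
        _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if dport == IKE_PORT:
            return "ike"
        if dport == NATT_PORT:
            return "nat-t"
    return "other"

def passthrough_allows(packet: bytes, nat_traversal: bool = False) -> bool:
    """Inbound policy: IKE plus ESP, and UDP 4500 only when NAT-T is in use."""
    allowed = {"ike", "esp"} | ({"nat-t"} if nat_traversal else set())
    return classify(packet) in allowed

def build_ipv4(proto: int, payload: bytes = b"") -> bytes:
    """Constructed sample packet (checksum left 0, documentation addresses)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton("198.51.100.7"),
                         socket.inet_aton("192.0.2.10"))
    return header + payload

def ports(sport: int, dport: int) -> bytes:
    return struct.pack("!HH", sport, dport)       # first 4 bytes of a TCP/UDP header

if __name__ == "__main__":
    samples = {"IKE udp/500": build_ipv4(17, ports(500, 500) + b"\0" * 4),
               "ESP proto 50": build_ipv4(50, b"\0\0\x10\x01" + b"\0" * 4),
               "TCP dport 50": build_ipv4(6, ports(40000, 50)),
               "NAT-T udp/4500": build_ipv4(17, ports(4500, 4500) + b"\0" * 4)}
    for name, pkt in samples.items():
        print(f"{name:15} {classify(pkt):6} allowed={passthrough_allows(pkt)}")
```

Because ESP carries no ports, a port-translating NAT has nothing to rewrite for it; where both peers support NAT traversal, the tunnel traffic arrives as UDP 4500 instead, which is why that case is gated by its own flag.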
 

Author Comment

by:rankin195
ID: 9887025
thank you