Solved

VPN with Cisco and Linux

Posted on 2003-12-01
Last Modified: 2010-03-19
Here is my situation and setup:

Internet --------Router A----------(E0)Router B(E1)----------LAN

Router A belongs to my ISP and they have assigned my E0 interface on Router B (Cisco 2514) a private (10.0.0.155) IP address. The E1 interface goes to my LAN. The default gateway for Router B is set to the interface on Router A (10.0.0.1).
I have a public IP and it is on some interface over at Router A, and then anything destined for my public IP gets sent to my Router B E0 interface.

I did NAT so my users can get to the net and I set up port forwarding so my www server will work.

I need to set up a VPN solution here using a Linux box or with the Cisco IOS. I will copy and paste my sh version of the router when I get it, but for now, all I know is that when I look for any VPN commands the only thing I see is VPDN. I don't know if that will work. Also, I don't think I have the IPsec or DES feature pack. I'll copy and paste as soon as I can.

Also, if I use a Linux solution, does my router need to support IPsec or any encryption?



 
Question by:rankin195
 

Author Comment

by:rankin195
ID: 9864190
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-C-L), Version 12.0(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 14-Apr-99 21:53 by ccai
Image text-base: 0x0302CBAC, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)

pck2514 uptime is 13 days, 23 hours, 59 minutes
System restarted by reload
System image file is "flash:/c2500-c-l.120-4.bin"

cisco 2500 (68030) processor (revision D) with 16384K/2048K bytes of memory.
Processor board ID 04151312, with hardware revision 00000000
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
TN3270 Emulation software.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
 16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102
 
LVL 2

Expert Comment

by:skyfreedomdotnet
ID: 9882632
OK, the bad news first. The Cisco 2514 router is no longer supported by Cisco and it does not offer any VPN services.
Now the good news. Setting up a VPN server on Linux will work. Now this is as long as your ISP allows IPSEC traffic through their router; you should ask and demand.
Another thing you could do is buy a concentrator, like a Cisco 3005 (http://www.cdw.com/shop/products/default.aspx?EDC=222396) or a Linksys (http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=589).
The concentrator would be my number one choice; it's easy and standalone.
Let me know if this helps, and if you have any questions, post them.
 

Author Comment

by:rankin195
ID: 9885835
OK, I think I am going to go the Linux way with IPSEC since it is cheaper.

What would I have to do with my router since I am doing NAT and PAT?

Does my router need IPSEC? Because I don't believe it does.

 
LVL 2

Accepted Solution

by:
skyfreedomdotnet earned 100 total points
ID: 9886058
No, your router does not need to support IPSEC. It will only be a passthrough.
Do this:

On your router, NAT your Linux box's private IP to the outside. Do you have a firewall? If so, allow only ports 500 (ISAKMP) tcp, 50 (ESP) tcp IN.
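
An added example, not part of the original answer or any participant's code: IKE/ISAKMP runs over UDP port 500 and ESP is IP protocol 50, which carries no port numbers, so a passthrough filter matches ESP on the IP protocol field; with the IPsec host behind NAT, NAT traversal wraps both in UDP port 4500. The Python below classifies constructed IPv4 packets that way; the addresses, payload bytes and function names are assumptions made for the example.

```python
import socket
import struct

ESP, UDP = 50, 17                  # IP protocol numbers (not ports)
IKE_PORT, NATT_PORT = 500, 4500    # UDP ports: ISAKMP/IKE and NAT traversal

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet by the role it plays in an IPsec tunnel."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    if pkt[9] == ESP:
        return "esp"                       # ESP carries an SPI, no port fields
    if pkt[9] != UDP:
        return "other"
    if len(pkt) < ihl + 8:
        return "malformed"
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    data = pkt[ihl + 8:]
    if dport == IKE_PORT:
        return "ike"
    if dport == NATT_PORT:
        if data == b"\xff":
            return "natt-keepalive"
        # Four zero bytes (non-ESP marker) mean IKE; anything else is an ESP SPI.
        return "ike-natt" if data[:4] == b"\x00" * 4 else "esp-in-udp"
    return "other"

def passthrough_allows(pkt: bytes) -> bool:
    """Inbound policy for the VPN host: IPsec traffic only."""
    return classify(pkt) in {"ike", "esp", "ike-natt", "esp-in-udp", "natt-keepalive"}

# Constructed sample packets: checksums left at zero, placeholder addresses.
def ipv4(proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton("203.0.113.7"), socket.inet_aton("192.0.2.10"))
    return hdr + payload

def l4(sport: int, dport: int, data: bytes = b"") -> bytes:
    """Minimal UDP header; its first four bytes match TCP's port layout too."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLES = {
    "ike":        ipv4(UDP, l4(500, 500, b"\x11" * 28)),
    "esp":        ipv4(ESP, b"\x00\x00\x10\x01" + b"\x00" * 16),
    "esp-in-udp": ipv4(UDP, l4(4500, 4500, b"\x00\x00\x10\x01" + b"\x00" * 16)),
    "tcp-50":     ipv4(6, l4(40000, 50) + b"\x00" * 12),   # TCP to port 50
}
```

The `tcp-50` sample is classified as `other` and rejected by `passthrough_allows`, while the protocol-50 packet is accepted.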

Author Comment

by:rankin195
ID: 9887025
thank you