Cisco 828 to Netscreen VPN issue

Hello there,

I am trying to setup a VPN connection between our Cisco 828 ghdsl router and a customers Netscreen device. However all sources on the web and the documnet that I have been provided arent helping!

The guide shows that you connect to the IOS then login, enter password, and enter configure terminal mode.

I'm assuming this sub heading is the correct one: Configuring and Assigning the Cisco Easy VPN Remote Configuration

so i type in the first command:-

worldtelecom(config)#crypto ipsec client ezvpn name
% Invalid input detected at '^' marker.


and it doesnt work, I've been reading all afternoon getting frustrated. I'm sure its not this hard!

Here is the setup example information i've been given to work from:

The following configuration information sets up the basic network informationfor the Cisco for the test environment.

interface Ehternet0
 no ip directed-broadcast
interface Ethernet1
 ip address
 no ip directed-broadcast
ip classless
ip route

Cisco VPN and IKE Parameters

The following configuration information sets up the IPSEC and IKE information.
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key ihopethisworks address
crypto ipsec transform-set ciscotrans esp-des esp-md5-hmac
crypto map test 10 ipsec-isakmp
 set peer
 set transform-set ciscotrans
 match address 101

Setting the policy on the Cisco

Interface Ethernet0
 ip address
 no ip directed-broadcast
 crypto map test
access-list 101 permit ip
access-list 101 permit ip

and heres what my show command gives:
worldtelecom(config)#sh run
Building configuration...

Current configuration : 1603 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname worldtelecom
enable secret 5 $1$ka08$fmNjlfN.tCNrWaxBp8P7C0
username easynet privilege 15 password 7 1059060B54414359
ip subnet-zero
no ip domain lookup
ip name-server
ip name-server
ip dhcp pool pool-name
ip dhcp pool hsodhcppool
interface Ethernet0
 ip address
 ip nat inside
 load-interval 30
 no keepalive
 no cdp enable
 hold-queue 32 in
 hold-queue 100 out
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 dsl equipment-type CPE
 dsl operating-mode GSHDSL symmetric annex B
 dsl linerate AUTO
 hold-queue 224 in
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 60
 no cdp enable
 ppp chap hostname
 ppp chap password 7 094341011112101819
 ppp pap sent-username password 7 130A181A031B032039
ip nat inside source route-map nonat interface Dialer1 overload
ip classless
ip route Dialer1
no ip http server
access-list 101 permit ip any
access-list 113 permit ip any
access-list 113 permit ip any
no cdp run
route-map nonat permit 10
 match ip address 101
line con 0
 exec-timeout 120 0
 stopbits 1
line vty 0 4
 access-class 113 in
 exec-timeout 0 0
 login local
scheduler max-task-time 5000

Any and ALL help is greatly appreciated. I'd really like someone to say 'just type this' but then i'm sure that would all be too easy:))

Thanks alot,

Who is Participating?

Improve company productivity with a Business Account.Sign Up

lrmooreConnect With a Mentor Commented:
>worldtelecom(config)#crypto ipsec client ezvpn name

try this one step at a time. If you fail at any step to get the listings, post result of "sho ver" - you may not have the IPSEC feature set...

worldtelecom(config)#(config)#crypto ?
  ca           Certification authority
  dynamic-map  Specify a dynamic crypto map template
  identity     Enter a crypto identity list
  ipsec        Configure IPSEC policy
  isakmp       Configure ISAKMP policy
  key          Long term key operations
  keyring      Key ring commands
  map          Enter a crypto map
  mib          Configure Crypto-related MIB Parameters
  xauth        X-Auth parameters
worldtelecom(config)#crypto ipsec ?
  client                Configure a client
  df-bit                Handling of encapsulated DF bit.
  fragmentation         Handling of fragmentation of near-MTU sized packets
  nat-transparency      IPsec NAT transparency model
  optional              Enable optional encryption for IPSec
  profile               Configure an ipsec policy profile
  security-association  Security association parameters
  transform-set         Define transform and settings
worldtelecom(config)#crypto ipsec client ?
  ezvpn  Configure an EzVPN client

Look for this line in your "show version":
    System image file is "flash:c2600-ik9o3s3-mz.123-1a.bin"
                                                  Designates IPSEC feature set w/3DES
If yours looks like:
   System image file is "flash:c2600-y-mz.122.bin"
   System image file is "flash:c2600-is-mz.122.bin"
                                                     ^  NO IPSEC feature set

richardwaltonAuthor Commented:
I fear the worst.. :)

worldtelecom(config)#crypto ?

% Unrecognized command

Heres the output requested. Its very similar to those specified

worldtelecom#show version
Cisco Internetwork Operating System Software
IOS (tm) C828 Software (C828-OY6-M), Version 12.2(8)YM, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.2(11.2u)T
TAC Support:
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 23-Aug-02 08:12 by ealyon
Image text-base: 0x80013170, data-base: 0x80766ADC

ROM: System Bootstrap, Version 12.2(1r)XE2, RELEASE SOFTWARE (fc1)
ROM: C828 Software (C828-OY6-M), Version 12.2(8)YM, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

worldtelecom uptime is 13 weeks, 3 days, 25 minutes
System returned to ROM by power-on
System image file is "flash:c828-oy6-mz.122-8.YM.bin"

CISCO C828 (MPC855T) processor (revision 0x401) with 31744K/1024K bytes of memory.
Processor board ID FOC07420RV8 (2904575692), with hardware revision 0000
CPU rev number 5
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102


Is it possible to upgrade the image? I've just created an account at Cisco and am reading up on it now.

richardwaltonAuthor Commented:
I have been informed that there is not enough memory on the router to support the required IOS firmware and told to upgrade the memory or purchase a dedicated VPN server unit.

Neither are options those above will allow... I guess i will have to wait for the answer to my email to Draytek as to why it cant connect a VPN to the Netscreen firewall, again firmware issues i think.

Thanks for your support,

Kind Regards,
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.