The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Setting up Cisco VPN (remote access, Lab setup only)
Posted on 2006-11-06
I want to setup a remote access VPN (read: Where a user uses Cisco VPN client software to connect to a VPN termination device). This is in a lab.
Here's the thing: I have setup an IPSEC VPN between two 2501 routers, with a end user on each side. (I'm assuming this is a site to site VPN?) I still have it setup.
Would it be possible to use the exact same configuration and have a user connect to the router with VPN client software? Or would I need to change a lot of things in the routers config?
I will post the sh run of one of the routers in "the site to site" VPN shortly. Hopefully, I can use one of these routers for the job
Thanks
Here's the thing: I have setup an IPSEC VPN between two 2501 routers, with a end user on each side. (I'm assuming this is a site to site VPN?) I still have it setup.
Would it be possible to use the exact same configuration and have a user connect to the router with VPN client software? Or would I need to change a lot of things in the routers config?
I will post the sh run of one of the routers in "the site to site" VPN shortly. Hopefully, I can use one of these routers for the job
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
3
7 Comments
Here is the sh run from one of my routers currently in a site to site VPN. Can i use this config for remote access? If not, what would I have to change?
Thanks
NY#sh run
Building configuration...
Current configuration : 1219 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname NY
!
logging rate-limit console 10 except errors
enable secret 5 $1$kprY$RN4NWD24I3TSc0qTVz
!
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
crypto isakmp policy 100
authentication pre-share
group 2
lifetime 3600
crypto isakmp key vpntime address 192.168.1.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 20 esp-des esp-sha-hmac
!
crypto map SanFran 120 ipsec-isakmp
set peer 192.168.1.1
set transform-set 20
set pfs group2
match address 105
!
!
!
!
interface Ethernet0
description internal
ip address 10.10.1.1 255.255.0.0
!
interface Serial0
description Connected to 2500B
ip address 192.168.3.1 255.255.0.0
encapsulation ppp
crypto map SanFran
!
interface Serial1
ip address 68.34.76.5 255.255.0.0
shutdown
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
access-list 105 permit ip 10.10.0.0 0.0.255.255 172.16.0.0 0.0.255.255
!
!
line con 0
transport input none
line aux 0
line vty 0 4
password testsetup
login
!
end
NY#
Thanks
NY#sh run
Building configuration...
Current configuration : 1219 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname NY
!
logging rate-limit console 10 except errors
enable secret 5 $1$kprY$RN4NWD24I3TSc0qTVz
!
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
crypto isakmp policy 100
authentication pre-share
group 2
lifetime 3600
crypto isakmp key vpntime address 192.168.1.1
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 20 esp-des esp-sha-hmac
!
crypto map SanFran 120 ipsec-isakmp
set peer 192.168.1.1
set transform-set 20
set pfs group2
match address 105
!
!
!
!
interface Ethernet0
description internal
ip address 10.10.1.1 255.255.0.0
!
interface Serial0
description Connected to 2500B
ip address 192.168.3.1 255.255.0.0
encapsulation ppp
crypto map SanFran
!
interface Serial1
ip address 68.34.76.5 255.255.0.0
shutdown
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
access-list 105 permit ip 10.10.0.0 0.0.255.255 172.16.0.0 0.0.255.255
!
!
line con 0
transport input none
line aux 0
line vty 0 4
password testsetup
login
!
end
NY#
It's been my experience with 2500's that it doesn't work. I once spent a lot of time trying to get it to work with no success. You really need a "non-2500" series router or PIX to setup a remote access VPN. You can't do VPN group configuration on the 2500. I believe the extent of the 2500's "remote access" VPN is configuring it as an Easy VPN server or client.
I have a 2610 router and a pix501 here at the house. Can I use the 2610? If so, how would I get started? Can I steal anything from the 2500 config?
thanks
thanks
The PIX 501 is capable. The 2610 should be capable as long as it has an IOS with the IPSEC feature set.
This article covers the basics of setting up an IOS based remote access VPN.
http://www.fredshack.com/docs/vpnios.html
Here's a configuration guide for the PIX:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172787.html
This article covers the basics of setting up an IOS based remote access VPN.
http://www.fredshack.com/docs/vpnios.html
Here's a configuration guide for the PIX:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172787.html
thanks! So for the 2600 link you sent me, I should pay particular attention to the first config (VPN only). I'm going to give it a shot
For the PIX, how can I tell if I have the capability to use EasyVPN? I have ios 6.3(3). Pix501
Thanks
For the PIX, how can I tell if I have the capability to use EasyVPN? I have ios 6.3(3). Pix501
Thanks
Featured Post
Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market. Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 11 hours left to enroll
Earn Certification
Cisco CCNA R&S: ICND2 v3
$197.00$177.30
Earn Certification
Cisco CCENT R&S: ICND1 v3
$197.00$177.30
636 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.