kavinagpur
asked on
Setting up VPN between Cisco UC520 and Cisco 877w
Hi all,
I want to setup VPN between UC520 in Australia and 877w in India.
Configuration for UC520 is attached.
Let me know what configuration needs to be done on 877w.
Thanks in advance.
Regards,
Vikas
UC520.txt
I want to setup VPN between UC520 in Australia and 877w in India.
Configuration for UC520 is attached.
Let me know what configuration needs to be done on 877w.
Thanks in advance.
Regards,
Vikas
UC520.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for you reply
Whats AustraliaVPN?
Is this the setting that needs to be configured on 877w in India?
Thanks in advance.
Whats AustraliaVPN?
Is this the setting that needs to be configured on 877w in India?
Thanks in advance.
ASKER
Please also explain
peer xxx.xxx.xxx.xxx ----?
username xxxxx password xxxxx-----?
peer xxx.xxx.xxx.xxx ----?
username xxxxx password xxxxx-----?
ASKER
I ran the command as it is.
all went right
it came up with -----ISAKMP ON
But the VPN light on 877 is not on
Any suggestion?
all went right
it came up with -----ISAKMP ON
But the VPN light on 877 is not on
Any suggestion?
ASKER
I am attaching the configuration for 877w to which i made the above changes
877w.txt
877w.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did the configuration.
But seems VPN not working. I am attaching the configuration of 877.
Let me know what went wrong.
Thanks in advance.
877w-config.txt
But seems VPN not working. I am attaching the configuration of 877.
Let me know what went wrong.
Thanks in advance.
877w-config.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Please suggest me what need to change on 877.
Thanks
Please suggest me what need to change on 877.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Expert, Verry verry Thanks for reply,
Site-1 (UC520): 192.168.2.0/24 (Main Site - Allready Configured as VPN Server)
IP for LAN- 192.168.2.2 to 192.168.2.254
Router IP - 192.168.2.1
TFTP server -10.1.1.1
Outer interface : Dialer(Fastethernet 0/0)
Static IP
Site-2 (871 W): 192.168.1.0/24 (Remote Site)
IP for LAN- 192.168.1.2 to 192.168.1.254 for switch
IP for LAN- 192.168.2.2 to 192.168.2.254 for Wireless
Router IP - 192.168.1.1 also 192.168.1.250
Dynamic IP
When i connect VPN through Dial up from any system of site-2 it running fine, also i am able to ping TFTP server,
i want to connect VPN from Router of Site 2 it's for VOIP, also i should able to ping TFTP without create Dialup
This configuration is Current Configuration of Both Side, it will be a great if keep the current configuration of Site-1
Let me know what configuration needs to be done on 877w.
Thanks
Site-1 (UC520): 192.168.2.0/24 (Main Site - Allready Configured as VPN Server)
IP for LAN- 192.168.2.2 to 192.168.2.254
Router IP - 192.168.2.1
TFTP server -10.1.1.1
Outer interface : Dialer(Fastethernet 0/0)
Static IP
Site-2 (871 W): 192.168.1.0/24 (Remote Site)
IP for LAN- 192.168.1.2 to 192.168.1.254 for switch
IP for LAN- 192.168.2.2 to 192.168.2.254 for Wireless
Router IP - 192.168.1.1 also 192.168.1.250
Dynamic IP
When i connect VPN through Dial up from any system of site-2 it running fine, also i am able to ping TFTP server,
i want to connect VPN from Router of Site 2 it's for VOIP, also i should able to ping TFTP without create Dialup
This configuration is Current Configuration of Both Side, it will be a great if keep the current configuration of Site-1
Let me know what configuration needs to be done on 877w.
Thanks
ASKER
Also,
when i create Easy VPN remote through SDM it was connect, i got status from VPN light on Router but i did not able to ping TFTP server.
Thanks
when i create Easy VPN remote through SDM it was connect, i got status from VPN light on Router but i did not able to ping TFTP server.
Thanks
ASKER
Hi Exert,
Now i try to create Easy VPN remote through SDM, Everything is Successfull but Tunnel status is Down on site-2
Thanks
Now i try to create Easy VPN remote through SDM, Everything is Successfull but Tunnel status is Down on site-2
Thanks
ASKER
Hello expert,
I still waiting for your reply, please do the needfull
Thanks
I still waiting for your reply, please do the needfull
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Expert, Lot's of Thanks for your reply,
I did change the router configuation of site-2, as per requirment now detail mention below
Site-1 (UC520): 192.168.2.0/24 (Main Site - Allready Configured as VPN Server)
IP for LAN- 192.168.2.2 to 192.168.2.254
Router IP - 192.168.2.1
TFTP server -10.1.1.1
Outer interface : Dialer(Fastethernet 0/0)
Static IP
Site-2 (871 W): 192.168.4.0/23 (Remote Site)
Router IP : 192.168.4.1
Router Secondary IP :192.168.4.250
Router Ip For wireless : 192.168.6.1
IP for LAN- 192.168.4.2 to 192.168.2.254
IP for Wireless- 192.168.6.2 to 192.168.6.254 for Wireless
Please give me a suggestion
Thanks
I did change the router configuation of site-2, as per requirment now detail mention below
Site-1 (UC520): 192.168.2.0/24 (Main Site - Allready Configured as VPN Server)
IP for LAN- 192.168.2.2 to 192.168.2.254
Router IP - 192.168.2.1
TFTP server -10.1.1.1
Outer interface : Dialer(Fastethernet 0/0)
Static IP
Site-2 (871 W): 192.168.4.0/23 (Remote Site)
Router IP : 192.168.4.1
Router Secondary IP :192.168.4.250
Router Ip For wireless : 192.168.6.1
IP for LAN- 192.168.4.2 to 192.168.2.254
IP for Wireless- 192.168.6.2 to 192.168.6.254 for Wireless
Please give me a suggestion
Thanks
ASKER
Hi Expert,
I ran the commnd as per above(ID:26094835) after changin IP of Inteface, all went right but when i ran
Interface fastethernet 1
Crypto ipsc EZVPN Australia
that time i found error: Crypto EZVPN Currently supports only one Tunnel, i dont know how to remove exsting tunel please suggest me, now what should i do ?
Thanks
I ran the commnd as per above(ID:26094835) after changin IP of Inteface, all went right but when i ran
Interface fastethernet 1
Crypto ipsc EZVPN Australia
that time i found error: Crypto EZVPN Currently supports only one Tunnel, i dont know how to remove exsting tunel please suggest me, now what should i do ?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Expert,
herwith please find the attachment for Knowing Configuration of Boyh Router.
Thanks
Cisco-871-W.txt
Cisco-UC520.txt
herwith please find the attachment for Knowing Configuration of Boyh Router.
Thanks
Cisco-871-W.txt
Cisco-UC520.txt
ASKER
Hello expert,
when i ran no crypto ipsec client ezvpn Australia that time i found the error Error: crypto Ezvpn Australia is in use by an outersideinterface;can't delete
i am not sure what is this please suggest
Thanks
when i ran no crypto ipsec client ezvpn Australia that time i found the error Error: crypto Ezvpn Australia is in use by an outersideinterface;can't delete
i am not sure what is this please suggest
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Expert,
Sorry for delay, i had physical problem about router
Herewith please find the attachment new configuration of Cisco 877.
Let me know what need to be done on it
Thanks
Vikas
New-Conf-Cisco-877.txt
Sorry for delay, i had physical problem about router
Herewith please find the attachment new configuration of Cisco 877.
Let me know what need to be done on it
Thanks
Vikas
New-Conf-Cisco-877.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Expert,
I ran the command as per mention above but i am not able to ping UC 520 (192.168.2.1) also TFTP server & Light of VPN on router is also down for more details i attached a Conf. of 877 please give me a guidence
Thanks
Vikas
I ran the command as per mention above but i am not able to ping UC 520 (192.168.2.1) also TFTP server & Light of VPN on router is also down for more details i attached a Conf. of 877 please give me a guidence
Thanks
Vikas
ASKER
Sorry
Herewith please find the Attachment of Configuration after Configure VPN on 877 W
Thanks
VPN.txt
Herewith please find the Attachment of Configuration after Configure VPN on 877 W
Thanks
VPN.txt
ASKER
If i connet to UC520 from DialUp VPN, I am able to ping UC520 also TFTP server
Thanks
Thanks
ASKER
Hello,
When I tried to create VPN through SDM, everything went to Fine but only Tunnel Status was down.
Please suggest me what need to be done on both router.
Thanks
Vikas
When I tried to create VPN through SDM, everything went to Fine but only Tunnel Status was down.
Please suggest me what need to be done on both router.
Thanks
Vikas
ASKER
ASKER
Hello Expert,
I am stil Waiting your reply??
Thanks
VIkas
I am stil Waiting your reply??
Thanks
VIkas
ASKER
hi Expert
When i open the hyperTerminal that time followinf error conti... running
*Aug 24 19:57:13.039: EZVPN(VPN) Server does not allow save password option,
enter your username and password manually
*Aug 24 19:57:13.039: EZVPN(VPN): *** Logic Error ***
*Aug 24 19:57:13.039: EZVPN(VPN): Current State: READY
*Aug 24 19:57:13.039: EZVPN(VPN): Event: MODE_CONFIG_REPLY
*Aug 24 19:57:13.039: EZVPN(VPN): Resetting the EZVPN state machine to recover
*Aug 24 19:57:13.043: %CRYPTO-6-EZVPN_CONNECTION
VPN_GROUP_1 Client_public_addr=XXXXXX Server_public_addr=YYYYY
please give me a guidence
Thanks
VIkas
When i open the hyperTerminal that time followinf error conti... running
*Aug 24 19:57:13.039: EZVPN(VPN) Server does not allow save password option,
enter your username and password manually
*Aug 24 19:57:13.039: EZVPN(VPN): *** Logic Error ***
*Aug 24 19:57:13.039: EZVPN(VPN): Current State: READY
*Aug 24 19:57:13.039: EZVPN(VPN): Event: MODE_CONFIG_REPLY
*Aug 24 19:57:13.039: EZVPN(VPN): Resetting the EZVPN state machine to recover
*Aug 24 19:57:13.043: %CRYPTO-6-EZVPN_CONNECTION
VPN_GROUP_1 Client_public_addr=XXXXXX Server_public_addr=YYYYY
please give me a guidence
Thanks
VIkas
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello expert,
I got error after entering above command on UC520
coinop-uc520(config)#crypt
% A profile is deemed incomplete until it has match identity statements
coinop-uc520(conf-isa-prof
coinop-uc520(config)#crypt
% A profile is deemed incomplete until it has match identity statements
coinop-uc520(conf-isa-prof
coinop-uc520(conf-isa-prof
coinop-uc520(conf-isa-prof
coinop-uc520(conf-isa-prof
^
% Invalid input detected at '^' marker.
coinop-uc520(conf-isa-prof
coinop-uc520(conf-isa-prof
^
% Invalid input detected at '^' marker.
coinop-uc520(conf-isa-pro
Where is wrong pls suggest me
Thanks
Vikas
I got error after entering above command on UC520
coinop-uc520(config)#crypt
% A profile is deemed incomplete until it has match identity statements
coinop-uc520(conf-isa-prof
coinop-uc520(config)#crypt
% A profile is deemed incomplete until it has match identity statements
coinop-uc520(conf-isa-prof
coinop-uc520(conf-isa-prof
coinop-uc520(conf-isa-prof
coinop-uc520(conf-isa-prof
^
% Invalid input detected at '^' marker.
coinop-uc520(conf-isa-prof
coinop-uc520(conf-isa-prof
^
% Invalid input detected at '^' marker.
coinop-uc520(conf-isa-pro
Where is wrong pls suggest me
Thanks
Vikas
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
hi ,
I found this error in UC520
000473: Dec 29 07:15:51.036: %CRYPTO-6-IKMP_MODE_FAILUR
ve mode failed with peer at 59.99.58.100
pls suggest
Thanks
I found this error in UC520
000473: Dec 29 07:15:51.036: %CRYPTO-6-IKMP_MODE_FAILUR
ve mode failed with peer at 59.99.58.100
pls suggest
Thanks
ASKER
Hello
When I create a VPn through SDM all went to good but i found 1 error on Tunnel (easyVpn is responding but Tunnel is not established.
Pls suggest
Thanks
When I create a VPn through SDM all went to good but i found 1 error on Tunnel (easyVpn is responding but Tunnel is not established.
Pls suggest
Thanks
ASKER
Hello expert,
If mode of Cisco 877 w is Client so what will be a mode of UC520. pls suggest me
Thanks
Vikas
If mode of Cisco 877 w is Client so what will be a mode of UC520. pls suggest me
Thanks
Vikas
ASKER
Hi,
Error is cont.. going on 877 W
*Aug 24 21:53:04.214: %CRYPTO-6-EZVPN_CONNECTION
VPN_GROUP_1 Client_public_addr=59.99.5
*Aug 24 21:53:05.858: %CRYPTO-6-IKMP_MODE_FAILUR
ode failed with peer at 58.108.208.65
Pls suggest
Thanks
Vikas
Error is cont.. going on 877 W
*Aug 24 21:53:04.214: %CRYPTO-6-EZVPN_CONNECTION
VPN_GROUP_1 Client_public_addr=59.99.5
*Aug 24 21:53:05.858: %CRYPTO-6-IKMP_MODE_FAILUR
ode failed with peer at 58.108.208.65
Pls suggest
Thanks
Vikas
ASKER
Hi Expert,
Now VPN status is Up but i am unable to ping TFTP server.
Pls suggest me
Thanks
Vikas
Now VPN status is Up but i am unable to ping TFTP server.
Pls suggest me
Thanks
Vikas
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Expert,
Please download the Attchment for knowing of SA of both router
please suggest me how to ping TFTP from Cisco 877 also both router from both site.
TFTP configure on UC520
interface BVI1
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
Thanks
Vikrant
SA-UC520.txt
SA-Cisco-877-W.Txt
Please download the Attchment for knowing of SA of both router
please suggest me how to ping TFTP from Cisco 877 also both router from both site.
TFTP configure on UC520
interface BVI1
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
Thanks
Vikrant
SA-UC520.txt
SA-Cisco-877-W.Txt
ASKER
Hi, Expert,
I still waiting your reply, please it's verry Urgent .
for more clarification i attached the running configuration of Both Router
Thanks
VIkas
30-Dec-UC520.Txt
30-Dec-877-W.Txt
I still waiting your reply, please it's verry Urgent .
for more clarification i attached the running configuration of Both Router
Thanks
VIkas
30-Dec-UC520.Txt
30-Dec-877-W.Txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Expert,
VPDN is for dial up vpn we have Esoft phone for that i used VPDN. and EZVPN is for Router to router VPN for Using VOIP hardware device, let me know this is possible or not i want keep both connection & DMVPN is Unnecesary i did remove it
please give me a suggestion what should i do now
Thanks
Vikas
VPDN is for dial up vpn we have Esoft phone for that i used VPDN. and EZVPN is for Router to router VPN for Using VOIP hardware device, let me know this is possible or not i want keep both connection & DMVPN is Unnecesary i did remove it
please give me a suggestion what should i do now
Thanks
Vikas
ASKER
If we can create Router to router VPN by usin VPDN so pls give a configuration of VPDN for 877 W router
suggest me how to configure VPND on 877 W
Thanks
Vikas
suggest me how to configure VPND on 877 W
Thanks
Vikas
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK
plese let me know can we create Router to router VPN by usin VPDN. if yes .... How?
Thanks
VIkas
plese let me know can we create Router to router VPN by usin VPDN. if yes .... How?
Thanks
VIkas
ASKER
Hello Expert,
I still doing wait for your reply
Thanks
Vikas
I still doing wait for your reply
Thanks
Vikas
ASKER
Hello Expert,
I got some link, there is information about VPDN co EZVPN, i saw it but i have lot's of confusion please suggest me how to configure VPDN co EZVPN, that link are mention below
http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/sampconf.pdf
http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/sampconf.pdf
Thanks
Vikas
I got some link, there is information about VPDN co EZVPN, i saw it but i have lot's of confusion please suggest me how to configure VPDN co EZVPN, that link are mention below
http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/sampconf.pdf
http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/sampconf.pdf
Thanks
Vikas
ASKER
Hello Expert,
I remove VPDN although i am unable to ping UC520 from here please give me a proper solution
Thanks
I remove VPDN although i am unable to ping UC520 from here please give me a proper solution
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Lot's of Thanks Expert
Now i believe my issue will be completed
Please suggest how to configure VPDN & EZVPN Co-exist, we have allready done VPN configuration through EZVPN between the two routers & VPDN for Dialup user.
there are two types of VPN configure on UC520,
VPDN is configured for Dialup user they access internet from USB stick & connect VPN (UC520) through Dial up.
EZVPN is configured for Branch Office means Router to router VPN (Cisco UC 520 to Cisco 877)
but we have some issue, when I connect VPN server(UC520) through dial up every thing is running fine also i am able to ping Uc520 & that Interface from any System
But when i am on router to router VPN, i am unable to ping UC520 & that interface but i saw on Cisco 877 W router VPN status is UP...
I want to keep both VPN (VPDN also EZVPN).
Thanks
Vikas
Now i believe my issue will be completed
Please suggest how to configure VPDN & EZVPN Co-exist, we have allready done VPN configuration through EZVPN between the two routers & VPDN for Dialup user.
there are two types of VPN configure on UC520,
VPDN is configured for Dialup user they access internet from USB stick & connect VPN (UC520) through Dial up.
EZVPN is configured for Branch Office means Router to router VPN (Cisco UC 520 to Cisco 877)
but we have some issue, when I connect VPN server(UC520) through dial up every thing is running fine also i am able to ping Uc520 & that Interface from any System
But when i am on router to router VPN, i am unable to ping UC520 & that interface but i saw on Cisco 877 W router VPN status is UP...
I want to keep both VPN (VPDN also EZVPN).
Thanks
Vikas
ASKER
Hello expert,
what happend why you take a more time, I keep hope on you for resolve this issue please suggest me
Thanks
what happend why you take a more time, I keep hope on you for resolve this issue please suggest me
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok i want to remove VPDN also EZVPN & i want to configure only router to router VPN pls suggest
i will become your pay customer, pls suggest me what should i do for that ?
Thanks
i will become your pay customer, pls suggest me what should i do for that ?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
NO static IP in India.