
Cisco 1760 VPN Setup

Hello All :)
I have a Cisco 1760 router that I would like to set up as a VPN server.  The configuration looks like this:
                                                                                       
Cable Modem --> Cisco 1760 Router --> Cisco PIX 520 --> Inside network and DMZ

I'd like to set up a VPN server so I can dial into it from my van through an internet card that I have from Sprint.  I would like to use Cisco's VPN software to connect from a laptop in my work van but I don't know how to set up the router to accept connections.  I have a static IP address and I've attached text files containing the configs of each appliance.  Once that is done, I need to be able to access a computer on the inside network.  If someone could help me it would be great.  It's kind of time sensitive so the faster the better, and seeing how I'm not the best at this, actual commands would be extremely helpful so all I have to do is copy and paste.  Thanks everyone for all your help.
My Network Configuration Router.txt PIX-520.txt
Asked by: Music_Man608
 
ArneLovius Commented:
If you just have a single static address on the router, why do you have the router between the cable modem and the PIX?

It would be simpler to remove the router from the config and just have the PIX, then you could use the VPN capabilities of the PIX...

In either event, you will need to use the Cisco IPSec client. What version of Windows are you currently running? And do you have the VPN client?
 
greg ward (Systems Engineer) Commented:
System image file is "flash:c1700-ipbase-mz.123-6c.bin"

cisco 1760 (MPC860P) processor (revision 0x500) with 55642K/9894K bytes of memory.

Link to which feature set does what:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps5460/prod_bulletin09186a00801af451.html
So your Cisco router cannot do VPN and might need a RAM upgrade as well as a new IOS.
I like the above idea more and more.

Greg
 
Music_Man608 (Author) Commented:
I put the router in the equation simply to learn how to use it.  Eventually I was going to subscribe to a VoIP service and learn to set that up by connecting my router to another router at another site.  In the current config, is there any way to set the PIX up to do the VPN?  I like that idea too but I don't necessarily want to remove the router.

 
ArneLovius Commented:
If you want to learn more about how to configure a router, I'd suggest having it inside your network, not in "production".

IPSec can travel over NAT, but it is simpler if it does not.

From the two configurations that you have posted, the router is not adding anything to your security.
 
Music_Man608 (Author) Commented:
Ok, so I'll remove the router but can you tell me what the commands would be to set a VPN up on my PIX?
 
Music_Man608 (Author) Commented:
Let me ask you this:  Can you tell me how to set the VPN up on the PIX, but going through the router?  Like what would I need to do to the router to let the PIX handle the VPN, and what would I need to do to the PIX to set up the VPN?  Thanks.
 
Music_Man608 (Author) Commented:
Can you try something to assist in getting an answer?  I just renewed my membership again just for the purpose of getting this dilemma solved.  Thanks.
 
ArneLovius Commented:
As per my previous, if you have the router terminating your Internet connection, you will not be able to have the PIX terminating VPNs "behind" it.
 
Music_Man608 (Author) Commented:
Why can't I have the router act as the VPN server?
 
ArneLovius Commented:
As above, from here: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps5460/prod_bulletin09186a00801af451.html

You have IP Base.

IP Base is a baseline set of Cisco IOS Software services required to operate a Cisco IOS Router in a data environment. It includes technologies such as DSL connectivity, Ethernet Switching modules, 802.1q routing, and trunking on Ethernet interfaces. The Cisco IOS Software features and services in IP Base will be "inherited" in all the packages listed below. Additionally, IP Base will be the default image for most Cisco IOS Routers.

This does not include VPN capability.
 
Music_Man608 (Author) Commented:
Ok so if I remove the router, what are the commands I would use to set the PIX up as a VPN server?
 
Music_Man608 (Author) Commented:
I am not going to award any points at all.  The responses are too sporadic and if I needed something else to complete my task then I would think one of the "experts" would tell me.  Instead I am simply told that it cannot be done even though I can go to my work and stand in my data center and see exactly what it is that I'm trying to accomplish.  The reason I joined and pay for this membership is to get these exact answers.  Since I cannot get any answers I am cancelling my membership only this time I will not return.  To me the problem is difficult, to an "expert" this should be easy but I keep getting the same answer "it can't be done".
 
Ernie Beek (Expert) Commented:
I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
 
Music_Man608 (Author) Commented:
Before you close the question, maybe someone out there can explain to me how an entire agency in Cleveland Ohio is doing exactly what I'm asking?  So far the experts here in this forum tell me that what I'm asking cannot be done yet it's done all over the world.  It's nothing special I just don't have the education to complete the task which is why I came here.  Just think about it, how to pass right through the router and terminate the VPN at the PIX.
 
Ernie Beek (Expert) Commented:
Ok, let me switch from cleaning mode to answering mode and have a look.

Try adding the following to your PIX config:

access-list split_tunnel_vpn permit ip 192.168.35.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpn_nonat permit ip 192.168.35.0 255.255.255.0 192.168.1.0 255.255.255.0
ip local pool vpnpool1 192.168.1.1-192.168.1.254
nat (inside) 0 access-list vpn_nonat
sysopt connection permit-ipsec
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
crypto map map1 interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup mygroup address-pool vpnpool1
vpngroup mygroup dns-server 192.168.35.x
vpngroup mygroup wins-server 192.168.35.y
vpngroup mygroup default-domain mydomain.com
vpngroup mygroup split-tunnel split_tunnel_vpn
vpngroup mygroup idle-time 1800
vpngroup mygroup password mypassword


The bold parts you will need to replace with your own values or leave the lines out if you don't have them (except for the password line of course ;)

With this setup you should be able to connect using a cisco secure vpn client. Just leave the router out for now.

Let me know if this works (and if you have any questions).
 
Music_Man608 (Author) Commented:
Thank you so very much, I will get back to you once I complete this.  I have to back up the PIX first and to do that I have to set up my TFTP server again so give me a little while but I'm all over it.  Thanks again.
 
Ernie Beek (Expert) Commented:
No problem, I'll be here.
Just let me know if you run into any problems (also if you don't :)
 
Music_Man608 (Author) Commented:
So far the only thing it didn't like was the encryption method.  I changed it to DES and it worked fine.  I'm going to set up the client on my laptop and try logging in.  By the way, is there a user id and password / group password I need to add?  Thanks.
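Added example, not part of the original thread: the change described above swaps AES-256 for single DES, which the PIX accepts but which leaves IKE and ESP on a 56-bit cipher. The Python script below audits PIX 6.x-style "isakmp policy" and "crypto ipsec transform-set" lines for such settings; the weak-algorithm tables are this example's own assumed policy, and the sample config is constructed from the thread's lines with DES substituted.

```python
import re

# Assumed policy for this example: single DES and MD5 are obsolete,
# and Diffie-Hellman groups 1 and 2 (768/1024-bit MODP) are too small.
WEAK_IKE = {
    "encryption": {"des": "IKE phase 1 encrypts with single DES (56-bit key)"},
    "hash": {"md5": "IKE phase 1 uses MD5"},
    "group": {"1": "DH group 1 is 768-bit MODP",
              "2": "DH group 2 is 1024-bit MODP"},
}
WEAK_TRANSFORMS = {
    "esp-des": "ESP encrypts with single DES (56-bit key)",
    "esp-null": "ESP provides no encryption",
    "esp-md5-hmac": "ESP authenticates with HMAC-MD5",
}
IKE_RE = re.compile(r"isakmp policy (\d+) (encryption|hash|group) (\S+)$")
TS_RE = re.compile(r"crypto ipsec transform-set (\S+) (.+)$")

def audit_pix_crypto(config):
    """Return (line_no, line, reason) for each weak IKE/IPsec setting found."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        ike = IKE_RE.match(line)
        if ike:
            # Look up the configured value in the table for that keyword.
            reason = WEAK_IKE[ike.group(2)].get(ike.group(3))
            if reason:
                findings.append((no, line, reason))
            continue
        ts = TS_RE.match(line)
        if ts:
            # A transform set lists one or more transforms after its name.
            for transform in ts.group(2).split():
                if transform in WEAK_TRANSFORMS:
                    findings.append((no, line, WEAK_TRANSFORMS[transform]))
    return findings

# Constructed sample: the thread's crypto lines with DES substituted for AES-256.
SAMPLE = """\
crypto ipsec transform-set trmset1 esp-des esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
"""

if __name__ == "__main__":
    for no, line, reason in audit_pix_crypto(SAMPLE):
        print(f"line {no}: {line}\n    -> {reason}")
```

Run against the AES-256 lines as originally posted, the same audit reports only the DH group 2 setting.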
 
Music_Man608 (Author) Commented:
Would you by chance have the Cisco VPN Client for Windows 7 64 bit that I could possibly get from you?
 
Ernie Beek (Expert) Commented:
Ehr, as a matter of fact I do. But we're not allowed to post links here besides links to official sources. Perhaps we can arrange another way?
 
Ernie Beek (Expert) Commented:
Oh, didn't read your other post.
You use mygroup and mypassword as configured in the vpngroup line.
 
Music_Man608 (Author) Commented:
Can you send it to an email address?
 
Ernie Beek (Expert) Commented:
Officially not.
But I can't do anything about it if you still post it here ;)
 
Music_Man608 (Author) Commented:
Universal Lock & Key (330) 483-2200 if you're available.  I have other config problems too big to keep typing here.  Thanks.
 
Music_Man608 (Author) Commented:
Disregard that last one.  I'm making headway but my cable company blocks everything incoming up to port 1024.  Is there anything I can do to make all this happen on a higher port?  PIX and/or client?  A Cisco tech did it once before years ago for me and I can't seem to locate that config file although I'm looking diligently.
 
Ernie Beek (Expert) Commented:
Just change providers ;)
I have a serious @#$%& issue with providers that decide those things for me.
Anyway, there might be possibilities. I'll have to dig into that first.
 
Music_Man608 (Author) Commented:
Nothing seems to be working.  I'll follow your advice and remove the router from the equation and then repost another question.  Sorry for wasting everyone's time.

-Glenn
Question has a verified solution.
