Cisco 871 Site to Site VPN possible by configuring only one end?

Hi,

We connect to our datacenter VPS by using the old "Cisco IPSEC VPN Client" software on a Cisco ASA in the datacenter.

I have all the details for configuring Cisco IPSEC VPN client, e.g. group key/password, login passwords, IP addresses, split tunneling settings etc... None of it's encrypted in a config file or anything.

I wanted to know - We have a spare Cisco 871 router here, is it possible to configure this router to connect to the Cisco ASA in the datacenter in the same way that the Cisco IPSEC VPN client connects (Split tunnel vpn with dynamic ip etc), WITHOUT involving changing anything on the Cisco ASA in the DC??

IF so - is this as simple as setting up "crypto ipsec client ezvpn ASA" from here ? http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112075-dynamic-ipsec-asa-router-ccp.html

Or is it impossible to set up a VPN between Cisco routers without configuring the data centers Cisco ASA? ... The problem is the data center Cisco ASA can't be modified as they provider won't touch its configuration unless we buy a new one and a maintenance package or something - and we are currently in the progress of migrating away so its a politically hostile situation.

(I'm referring how many non-cisco routers have functionality such as a 'pptp vpn client' where you can set up a vpn without configuring both ends).

Thanks!
birdisthewordAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Matt VCommented:
It is certainly possible to set the 871 up as an ezVPN client.

Refer to this article for the related config.  I cannot say for sure if it will work with the existing ASA configuration.

Worth a try though.

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/69352-easyvpn-7200svr-871remote.html#diag
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
birdisthewordAuthor Commented:
Fantastic thanks! Just wanted to make sure it was even possible before investigating further, cheers
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.