Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Clueless - VPN

Status
Not open for further replies.
mrn

mrn

MIS
Apr 27, 2001
3,993
GB
I've been asked to setup a new connection on an existing VPN at a company I'm currently working at. They have just sold off the side of the business with the techincal know-how.

If we are
1.1.1.1/8 int interface
2.2.2.2/28 ext interface

and I want to allow company x with an address of 3.3.3.3 to access one of our servers 192.168.0.1 with a password of letmein how would I do this?

Using Cisco IOS C831

If I've missed any important info, please let me know

Mike

"A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant.
 
Sort by date Sort by votes
Hello,

you could try a dynamic access list, not sure if that is a viable solution for your needs, since the remote user would have to TELNET in to your router first in order to then be able to access the server.
Anyway, here is how you would configure it:

interface Ethernet1
ip access-group 100 in
!
access-list 100 permit tcp host 3.3.3.3 host 2.2.2.2 eq telnet
access-list 100 dynamic server permit ip host 3.3.3.3 host 192.168.0.1
!
line vty 0 2
password letmein
autocommand access-enable host timeout 5
line vty 3 4
login (local)
rotary 1

The VTY line configuration is needed so that only the first 3 lines can be used by your remote customer, while the other two remain for your own access.

Can you try and see if this works ?

Regards,

GP
 
Upvote 0 Downvote
do you want to configure a site-to-site VPN or client-to-site VPN?
 
Upvote 0 Downvote
Site to Site

Mike

"A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant.
 
Upvote 0 Downvote
Thanks that really useful...But and there is always a but, I don't control the other VPN, can I use ipsec & isakmp?

Mike

"A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant.
 
Upvote 0 Downvote
In that sample configuration it's using IPSec and ISAKMP plus GRE tunnel.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

quazimotto
  • Locked
  • Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
305
quazimotto
quazimotto
tviman
  • Locked
  • Question
Same subnet on each side of a VPN 1
Replies
2
Views
342
tviman
tviman
DigitalG
  • Locked
  • Question
cisco rv180 vpn tunnel between a rv130
Replies
0
Views
246
DigitalG
DigitalG
napoleao
  • Locked
  • Question
IPSec VPN
Replies
3
Views
400
napoleao
napoleao
whatwhatwhatwhat
  • Locked
  • Question
VPN problem. Please help!
Replies
2
Views
304
ngtri
ngtri

Part and Inventory Search

Sponsor

Back
Top