Substitution of VPN Dialer with Cisco 831 router

[Macarulla]

hello everybody:
I hope someone will help me.
I can connect to a network with Cisco VPN Dialer but ony one Computer can access that network (the one which has the dialer installed). Now I have a Cisco 831 router and I want it to make the VPN dialing, but i can not get the right configuration.

I will show all the data I have, and I ask you to tell me what will the configuration of the router look like.

With VPN dialer:
Data: Host of remote server 80.58.164.251
Backup remote server 80.58.166.251
Group Access information:
Name: test01
Password: Idonottell

Enable transparent tunneling
Allow IPSEC over UDP (NAT/PAT)

Then, I connect, I right click the connection and it says in properties:
Client IP 10.227.0.1
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
Tunnel port: UDP 4500
Compression: NO
Local Lan: Disabled
Personal Firewall: Disabled
Firewall policyisabled
Transparen tunnel: Actived.

Well. Now, i disconnect and I have the router installed, and it routes to the Internet Ok (it is behind another router, but I can connect directly to the internet if I need)

Router data:
LAN (ethernet 0) 10.10.10.1 / 255.255.255.0
WAN (Ethernet 1) 10.1.1.20 / 255.255.255.0 Gateway 10.1.1.3

I know the configuration procedure, (how to type the commands), but I do not know which commands and in with order I have to type. If you send me the result of the "show running-config" command I can type the commands to get it.

Thanks in advance

(The password is not the right one, so, if you try, you won't connect)

 

[Macarulla]

I tried with Easy VPN but it doesn't work.
This is my actual configuration:



Current configuration : 1647 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
enable secret 5 $1$Q.wn$P7OsP2mh/I3OE0CwiTe.l1
!
username CRWS_Sangeetha privilege 15 password 7 06425E657B1F0F38411843043F213A2A727D6762714B564652
username Router password 7 050607162E
no aaa new-model
ip subnet-zero
ip name-server 80.58.0.33
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn crws-client
connect auto
group test01 key 0 Idonottell
mode client
peer 80.58.164.251
!
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
no ip mroute-cache
no cdp enable
crypto ipsec client ezvpn crws-client inside
hold-queue 32 in
!
interface Ethernet1
ip address 10.1.1.20 255.255.255.0
no ip mroute-cache
duplex auto
no cdp enable
crypto ipsec client ezvpn crws-client
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.3
ip http server
no ip http secure-server
!
access-list 23 permit 10.10.10.0 0.0.0.255
no cdp run
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
!
end


Please, I need your help.

 

[lambent]

You've mentioned about another router in front of your Cisco router, so I assume the following topology:

Internet----WAN router----Cisco router

Did you do NAT on your WAN router for 10.1.1.20?

Btw for the client-to-site configuration on IOS router with NAT transparency for IPSec, check this URL:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080235197.shtml

 

[Macarulla]

Yes, I do NAT in the wan router, so If I put a PC with VPN client, it works. But I want to replace PC with VPN client for a cisco router (and put a LAN behind). The example you pointed me to is for configuring the server side for the VPN client.


Now:
Internet --- WAN router (NAT) ---- PC with VPN client


What I want:


INTERNET --- WAN router (NAT) --- Cisco 831 ---LAN(10.1.1.x)

Or

INTERNET--- Cisco 831---LAN(10.1.1.x)

I need to configure the client side. How can I find examples of this? Easy VPN is not enough.

How can I see the logs in the router?.

Thanks.

 

[lambent]

So you're actually doing site-to-site VPN...
Is the VPN server on the other side a Cisco device?

Btw for EzVPN client settings, you can check this URL:

http://www.cisco.com/en/US/products...s_configuration_example09186a008032b637.shtml

Well this is not exactly a pure EzVPN client configuration but rather it's a combination of EzVPN server and client on the same router.

 

[Macarulla]

Yes, the other side is a Cisco device, but i do not know its configuration. I only have the result when I connect a VPN client program. Is it enough? (I also know, peer, user and password, the only data I introduce in vpn dialer program)

Client IP 10.227.0.1
Encryption: 168-bit 3-DES
Authentication: HMAC-SHA
Tunnel port: UDP 4500
Compression: NO
Local Lan: Disabled
Personal Firewall: Disabled
Firewall policyisabled
Transparen tunnel: Actived


I have seen the example, I will study it, it looks fine.

Thanks again