Building a Site-to-Site VPN with a Cisco 831 Router and Linux, Preparations - Page 1
Introduced at the end of 2002, the Cisco 831 SOHO router competes with the smaller, faster and more easily configured PIX 501 of Cisco's own making. Although it was released one year after the PIX 501, it is more than twice the physical size and housed in cheap plastic, so are there any advantages? Well, if having a full-fledged Cisco IOS at your fingertips is one, then that's it. We will configure the 831 identically to the PIX site-to-site IPSEC VPN setup with NAT. First, we wipe out any old settings and load the latest IOS software image. With a serial cable to the router's console port and the minicom program under Linux, we send a 'Break' signal to the device right after power-on. The 'Break' signal is usually a special command sequence in the terminal program; I had to start minicom with -m to use 'ALT' as the meta key in order to generate the 'Break' sequence with 'ALT+F'. At the ROM prompt, we reset the configuration with the command 'confreg 0x2142', followed by a 'reset'. The device reloads with an empty configuration.
1. Verify basic routing

We set the hostname, the interface IPs, enable the interfaces and routing, set the default route to the outside and finish configuring SSH device management:

Router#conf t
Router(config)#hostname ciscofirewall
ciscofirewall(config)#no ip domain-lookup
ciscofirewall(config)#interface Ethernet1
ciscofirewall(config-if)#description outside
ciscofirewall(config-if)#ip address 128.12.1.155 255.255.255.0
ciscofirewall(config-if)#no shutdown
ciscofirewall(config-if)#exit
ciscofirewall(config)#ip routing
ciscofirewall(config)#ip route static inter-vrf
ciscofirewall(config)#ip route 0.0.0.0 0.0.0.0 128.12.1.10
ciscofirewall(config)#enable secret test
ciscofirewall(config)#ip domain-name frank4dd.com
ciscofirewall(config)#aaa new-model
ciscofirewall(config)#username cisco secret 0 cisco
ciscofirewall(config)#crypto key generate rsa general-keys modulus 1024
The name for the keys will be: ciscofirewall.frank4dd.com...
ciscofirewall(config)#exit
unknowncisco>sho ver (skipping output to last line...)
... Configuration register is 0x2102
unknowncisco>
System Bootstrap, Version 12.2(11r)YV3, RELEASE SOFTWARE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2004 by cisco Systems, Inc.
C800/SOHO series (Board ID: 29-129) platform with 65536 Kbytes of main memory
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset
.. (another boot sequence later...)
Router>enable
Router#conf t
Router(config)#config-register 0x2102 (set the config back to original)
Router(config)#end
Router#copy run start (this overwrites the old config)
Router#reload [y]
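
An added example, not part of the original page: a small Python check that reads the 'Configuration register is ...' line from 'show version' output and flags a router still left at the recovery value 0x2142, where the startup configuration is skipped at boot. The bit meanings follow the standard IOS configuration register layout; the function names and the sample lines are constructed for illustration.

```python
import re

# Bit meanings of the 16-bit IOS configuration register (standard layout).
FLAGS = {
    0x0040: "ignore NVRAM startup-config at boot",
    0x0100: "Break key disabled after boot",
    0x2000: "fall back to ROM image if network boot fails",
}
REG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

def decode(value):
    """Return the boot field and the named flags set in a register value."""
    return {
        "boot_field": value & 0x000F,
        "flags": [name for bit, name in sorted(FLAGS.items()) if value & bit],
    }

def audit(show_version_text):
    """Report findings for the register value that applies at the next reload."""
    m = REG_RE.search(show_version_text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    effective = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if effective & 0x0040:
        findings.append("0x%04X: next boot skips startup-config "
                        "(no passwords, ACLs or VPN policy loaded)" % effective)
    if not (effective & 0x0100):
        findings.append("0x%04X: Break stays enabled after boot" % effective)
    if (effective & 0x000F) == 0:
        findings.append("0x%04X: boot field 0 stops at the ROM monitor" % effective)
    return findings

# Constructed sample lines in the format printed by 'show version'.
SAMPLES = {
    "recovery value left in place": "Configuration register is 0x2142",
    "restored, pending reload":
        "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "normal": "... Configuration register is 0x2102",
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(label, "->", audit(line) or "ok")
```
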
Cisco 831 Router for firewalling and optional hardware-accelerated VPN connectivity, incl. site-to-site VPN (2MB/s 3DES). Motorola RISC CPU, 64MB RAM, 12MB Flash. See here for a view inside.