From: bg on
Hello all, I don't have much experience with Cisco. My company wants me
to set up EC2 with a new 1941 router with the 15.1 IOS I believe is
installed on there. The router is configured for internet access and
is running. I have created the settings for Amazon using their
document. I am just confused how that data is set up on the router
itself. Do I just import the settings from the file I got or does
something else need to be done?

thanks.
From: Doug McIntyre on
bg <bgraham34(a)gmail.com> writes:
>Hello all, I don't have much experience with Cisco. My company wants me
>to set up EC2 with a new 1941 router with the 15.1 IOS I believe is
>installed on there. The router is configured for internet access and
>is running. I have created the settings for Amazon using their
>document. I am just confused how that data is set up on the router
>itself. Do I just import the settings from the file I got or does
>something else need to be done?


Umm, wow. These are two totally different things that make little
sense the way you are asking things.

Amazon EC2 is their Cloud Computing environment. I.e. you run up your
own server instances on some virtual machines in Amazon's data centers
somewhere around the planet. This is assuming you already have
Internet access to get to them somewhere.

A Cisco 1941 router routes packets from one interface to the other.



I suppose you could buy Internet Access from somebody, and utilize
your Cisco 1941 router as a firewall type setup, so that your company
could access the Amazon EC2 cloud, as well as the rest of the Internet.

But that's a totally different thing than what you are asking.


There's nothing direct that you'd be doing with Amazon EC2 to put on
the router. It's all handled through APIs from your desktop out to the Cloud.

As long as the router is routing packets from your LAN to the
Internet, then it doesn't need to be touched.
From: bg on
Basically what I am looking to do is create the VPN connection from my
router to the EC2. Uses BGP, IPSEC and such. I have the config file
that needs to be put on the router.

I don't know if anything else needs to be configured to get the VPN to
connect except for importing the config file.
From: Doug McIntyre on
bg <bgraham34(a)gmail.com> writes:
>Basically what I am looking to do is create the VPN connection from my
>router to the EC2. Uses BGP, IPSEC and such. I have the config file
>that needs to be put on the router.

>I don't know if anything else needs to be configured to get the VPN to
>connect except for importing the config file.

Ah, VPN is the magic word.

Looking around (since I don't have direct experience with this), it
looks like they give you a configuration snippet in a text file that
you have to add your site specific info into with all the proper keys
and addresses filled in.

Then the easiest way to apply it to the Cisco IOS router configs is to
ssh into the router, 'enable' yourself, and 'conf term' and
copy-and-paste the contents of text file into the running config of
the router into your ssh session. There are other ways (i.e. grabbing it
from an FTP server, etc.) but this is generally the quickest and most
direct feedback way.

Once you are done, then 'end' and 'copy running-config startup-config'
to finish it up and save the configuration.

From: bg on
When I try to copy it my programs just crash on me. Here is an example
of the first few lines of the data I need to import, taken from the
file.




match identity address 72.21.159.225
keyring keyring-vpn-d4499lcba-0
exit

! #2: IPSec Configuration
!
! The IPSec transform set defines the encryption, authentication, and IPSec
! mode parameters.
!
crypto ipsec transform-set ipsec-prop-vpn-d449lcba-0 esp-aes 128 esp-sha-hmac
mode tunnel
exit

! The IPSec profile references the IPSec transform set and further defines
! the Diffie-Hellman group and security association lifetime.
!
crypto ipsec profile ipsec-prop-vpn-d449lcba-0
set pfs group2
set security-association lifetime seconds 3600
set transform-set ipsec-prop-vpn-d449lcba-0
exit