Site2Site VPN with ubiquiti and Cisco router

One of my customers asked me to do a site2site VPN with his home Ubiquiti router. I said “Yeah sure, we can try…” and it wasn’t very hard to accomplish this. Site2site IPsec VPN with dynamic peers to a Cisco router and parallel EasyVPN Cisco VPN users is not possible! In this case, the company is …

Cisco VPN Error 27850 on Windows 10

Hello again! Today I wanted to install Cisco VPN Client on my Windows 10 machine but I always got error 27850. I found a knowledge base article saying that you need to install the DNE Update. You can find it here: http://www.citrix.com/go/lp/dne.html If you have install problems, follow the installation guide for the registry changes. Add a …

Redundant Internet access with Cisco routers

You can configure redundant internet lines with Cisco routers. For this we will use route tracking. This configuration can also be used for backing up your VPN lines. In this example we have two internet lines: The main line is 105.1.2.x and the backup line 222.1.2.x (I also bound a crypto map to it): interface Vlan2 description …

Import Domain certificate from RootCA to your Cisco router

Today I will show you how to import a signed domain certificate from your own Domain Root Certification Authority. First we will generate a certificate for the Cisco router. I needed this for the WebVPN gateway to connect SSL VPN users. In my example, we will use “vpn.1337company.com”. You need a working RootCA in your Windows …

Cisco Site2Site VPN problem with “Fail to allocate ip address”

Today I configured a site2site VPN on a Cisco Router. The remote device was a Palo Alto. Phase 1 was working correctly but we got problems with Phase 2, the debug logs said: *Aug 15 09:13:06.899: ISAKMP:(6035):Total payload length: 12 *Aug 15 09:13:06.899: ISAKMP:(6035): sending packet to 80.70.60.50 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Aug 15 …

Configuring internal DSL for Annex A line (like in the Netherlands)

A UK customer expanded to the Netherlands where the local provider “Van den Bulk Telecom” delivered only a DSL line. So we need a Cisco Router with a built-in modem with options for later VDSL use. Actually they provide an ADSL Annex A line. The provider gives us the following information: Line: ADSL2+ over …

Router on the edge

Good morning everyone! Today I want to explain a configuration for routing internal networks with a layer 3 routing switch and a router for accessing the internet. I call it “router on the edge”. By definition, an “edge router” is typically a router running EBGP (External Border Gateway Protocol), so I am inventing a new definition 🙂 …

Site2Site VPN Tunnel with ClientVPN @ Cisco IOS

Good Morning everyone! I want to describe several VPN configurations on a Cisco router, ASA firewall and Sophos UTM. I will start with Cisco IOS on a Cisco router. In this example you will learn to configure a site2site VPN tunnel with a coincident client VPN access. First we will configure the basic IPsec VPN settings. …

Configuring a fallback for default-route on a Cisco router

This was a wish from one of my customers and I invested a lot of time to connect the site2site VPN on both WAN uplinks with EIGRP metric and so on… but there is another simple way to configure an automatic default-route fallback which solves all our problems in case the primary WAN links …

Quality of Service within a VPN tunnel over Dialer-Interface

Today I will show you how to configure QoS for outgoing SIP VoIP traffic that goes through a VPN tunnel / crypto-map. To solve this we need to create class-maps for all IP traffic and for our SIP traffic and bind them to the crypto map and the outgoing interface because VPN traffic is encapsulated …