Setting up 1941 with Amazon EC2.

Hello all, I don't have much experience with Cisco. My company wants me to set up EC2 with a new 1941 router with the 15.1 IOS I believe is installed on there. The router is configured for internet access and is running. I have created the settings for Amazon using their document. I am just confused how that data is set up on the router itself. Do I just import the settings from the file I got, or does something else need to be done?

Thanks.

Reply to
bg

Umm, wow. These are two totally different things that make little sense the way you are asking things.

Amazon EC2 is their Cloud Computing environment. I.e., you run up your own server instances on some virtual machines in Amazon's data centers somewhere around the planet. This is assuming you already have Internet access to get to them somewhere.

A Cisco 1941 router routes packets from one interface to the other.

I suppose you could buy Internet Access from somebody, and utilize your Cisco 1941 router as a firewall type setup, so that your company could access the Amazon EC2 cloud, as well as the rest of the Internet.

But that's a totally different thing than what you are asking.

There's nothing direct that you'd be doing with Amazon EC2 to put on the router. It's all handled through APIs from your desktop out to the Cloud.

As long as the router is routing packets from your LAN to the Internet, then it doesn't need to be touched.

Reply to
Doug McIntyre

Basically what I am looking to do is create the VPN connection from my router to the EC2. Uses BGP, IPSEC and such. I have the config file that needs to be put on the router.

I don't know if anything else needs to be configured to get the VPN to connect except for importing the config file.

Reply to
bg

Ah, VPN is the magic word.

Looking around (since I don't have direct experience with this), it looks like they give you a configuration snippet in a text file that you have to add your site specific info into with all the proper keys and addresses filled in.

Then the easiest way to apply it to the Cisco IOS router configs is to ssh into the router, 'enable' yourself, and 'conf term' and copy-and-paste the contents of the text file into the running config of the router into your ssh session. There are other ways (i.e. grabbing it from an FTP server, etc.) but this is generally the quickest and most direct feedback way.

Once you are done, then 'end' and 'copy running-config startup-config' to finish it up and save the configuration.

Reply to
Doug McIntyre

When I try to copy it my programs just crash on me. Here is an example of the first few lines of the data I need to import, taken from the file.

  match identity address 72.21.159.225
  keyring keyring-vpn-d4499lcba-0
exit

! #2: IPSec Configuration
!
! The IPSec transform set defines the encryption, authentication, and IPSec
! mode parameters.
!
crypto ipsec transform-set ipsec-prop-vpn-d449lcba-0 esp-aes 128 esp-sha-hmac
  mode tunnel
exit

! The IPSec profile references the IPSec transform set and further defines
! the Diffie-Hellman group and security association lifetime.
!
crypto ipsec profile ipsec-prop-vpn-d449lcba-0
  set pfs group2
  set security-association lifetime seconds 3600
  set transform-set ipsec-prop-vpn-d449lcba-0
exit

Reply to
bg

Get better programs then...

Or copy and paste it a line at a time. You don't need to copy the lines starting with an exclamation mark.

Reply to
Rob

When I enter the first line, match identity address 72.21.159.225,

I get the following error.

% Invalid input detected at '^' marker.

Reply to
bg

It seems your configuration snippet is incomplete; 'match' is not a top level configuration option, it has to be within a 'crypto' block first.

If the router is complaining about 'crypto isakmp' not being acceptable instead, then your router probably isn't licensed for IPSec VPNs. You'd have to purchase the Security License for the router to unlock its IPSec VPN capabilities.

If you did buy it with the Security license (i.e. a CISCO1941-SEC/K9), then perhaps the license PAK hasn't been activated on the router.

Reply to
Doug McIntyre
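
An added example, not part of any post in this thread and not Cisco or Amazon tooling: a small check to run over the downloaded text file before pasting it, which drops the '!' comment lines and flags sub-mode commands that have lost their parent block (the situation behind the '% Invalid input' error above). The keyword lists are assumptions that cover only the commands quoted in this thread.

```python
# Added example: pre-paste check for an IOS config fragment (heuristic, not Cisco's parser).
# Assumption: these prefixes open a sub-configuration mode, and these keywords are only
# valid inside one. Both lists cover just the commands quoted in the thread.
BLOCK_OPENERS = ("crypto isakmp profile ", "crypto isakmp policy ", "crypto keyring ",
                 "crypto ipsec transform-set ", "crypto ipsec profile ")
SUBMODE_ONLY = {"match", "keyring", "mode", "set"}


def check_fragment(text):
    """Return (commands_to_paste, findings); findings are (line_no, command, reason)."""
    commands, findings, in_block = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):   # '!' lines are comments, safe to skip
            continue
        commands.append(line)
        if line.startswith(BLOCK_OPENERS):
            in_block = True
        elif line == "exit":
            if not in_block:
                findings.append((no, line, "exit at top level leaves configuration mode"))
            in_block = False
        elif not in_block and line.split()[0] in SUBMODE_ONLY:
            findings.append((no, line, "sub-mode command with no parent block"))
    return commands, findings


# Constructed sample: the opening lines as quoted in the thread.
FRAGMENT = """\
match identity address 72.21.159.225
keyring keyring-vpn-d4499lcba-0
exit
! #2: IPSec Configuration
crypto ipsec transform-set ipsec-prop-vpn-d449lcba-0 esp-aes 128 esp-sha-hmac
mode tunnel
exit
crypto ipsec profile ipsec-prop-vpn-d449lcba-0
set pfs group2
set security-association lifetime seconds 3600
set transform-set ipsec-prop-vpn-d449lcba-0
exit
"""

if __name__ == "__main__":
    to_paste, problems = check_fragment(FRAGMENT)
    for no, cmd, why in problems:
        print(f"line {no}: {cmd!r}: {why}")
    print(f"{len(to_paste)} commands, {len(problems)} problems")
```

If the first lines are flagged, the copy started partway through a block: go back to the file and include the block header that precedes them.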
