Hello all I don't have much experience with Cisco. My company wants me to setup EC2 with a new 1941 router with the 15.1 IOS i believe is installed on there. The router is configured for internet access and is running. I have created the settings for Amazon using there document. I am just confused how that data is setup on the router itself. Do I just import the settings from the file i got or does something else need to be done.
Umm, wow. These are two totally different things that make little sense the way you are asking things.
Amazon EC2 is their Cloud Computing environment. Ie. you run up your own server instances on some virtual machines in Amazon's data centers somewhere around the planet. This is assuming you already have Internet access to get to them somewhere.
A Cisco 1941 router routes packets from one interface to the other.
I suppose you could buy Internet Access from somebody, and utilize your Cisco 1941 router as a firewall type setup, so that your company could access the Aamazon EC2 cloud, as well as the rest of the Internet.
But thats a totally different thing than what you are asking.
There's nothing direct that you'd be doing with Amazon EC2 to put on the router. Its all handled through APIs from your desktop out to the Cloud.
As long as the router is routing packets from your LAN to the Internet, then it doesn't need to be touched.
Looking around (since I don't have direct experience with this), it looks like they give you a configuration snippit in a text file that you have to add your site specific info into with all the proper keys and addresses filled in.
Then the easiest way to apply it to the Cisco IOS router configs is to ssh into the router, 'enable' yourself, and 'conf term' and copy-and-paste the contents of text file into the running config of the router into your ssh session. There's other ways (ie. grabbing it from an FTP server, etc.) but this is generally the quickest and most direct feedback way.
Once you are done, then 'end' and 'copy running-config startup-config' to finish it up and save the configuration.
When I try to copy it my programs just crash on me. Here is an example of the first few lines of the data i need to import, taken from the file.
match identity address 220.127.116.11 keyring keyring-vpn-d4499lcba-0 exit
! #2: IPSec Configuration ! ! The IPSec transform set defines the encryption, authentication, and IPSec ! mode parameters. ! crypto ipsec transform-set ipsec-prop-vpn-d449lcba-0 esp-aes 128 esp- sha-hmac mode tunnel exit
! The IPSec profile references the IPSec transform set and further defines ! the Diffie-Hellman group and security association lifetime. ! crypto ipsec profile ipsec-prop-vpn-d449lcba-0 set pfs group2 set security-association lifetime seconds 3600 set transform-set ipsec-prop-vpn-d449lcba-0 exit
It seems your configuration snippit is incomplete, 'match' is not a top level configuration option, it has to be within a 'crypto' block first.
If the router is complaining about 'crypto isakmp' not being acceptable instead, then your router probably isn't licensed for IPSec VPNs. You'd have to purchase the Security License for the router to unlock its IPSec VPN capabilities.
If you did buy it with the Security license (ie. a CISCO1941-SEC/K9), then perhaps the license PAK hasn't been activated on the router.