 stevemona
join:2002-07-05 Albany, NY
| Any VPN Example Configurations?
Hello,
I have just purchased a Cisco 1710 Router and I want to configure it for Remote VPN access from a Windows Machine using the VPN client software. My Router is currently configured with the two ethernet ports, one connected directly to the internet and the other connected to my internal network. I want the VPN clients to be given an address on the internal network when they dial in. I will also in the future want to link up two Cisco 1710s using a VPN tunnel connection, but for now I only need the clients to connect. If anyone has a sample configuration for this please let me know! Much appreciated! |
|
  Covenant Premium,MVM join:2003-07-01 England
| Hi stevemona, welcome to the Cisco forum.
Here is a link which I hope you will find useful. If you have any issues or questions, please do not hesitate to post again and we will try to clear them up for you:
»www.cisco.com/en/US/products/sw/···46.shtml
Good luck.  |
|
 stevemona
join:2002-07-05 Albany, NY | reply to stevemona Thanks, I'll give it a go setting it up tomorrow following this document and let you know :) |
|
 TaRioNyX
join:2002-01-12 Webster, NY
1 edit | Do you guys know where to get the latest client software? I thought it was free from Cisco, but I couldn't seem to download it.
EDIT: Just noticed you're from Albany! I'm in Troy. If you wanted some help sometime, I could try to help you out. I have tons of books on Cisco stuff, and I've passed the SECUR exam which deals a lot with the IPSEC VPNs on IOS. Plus I'm trying to do the same thing on my 1721, hehe |
|
 stevemona
join:2002-07-05 Albany, NY
| reply to stevemona Hi!
OK, I've had a go at setting this up today but I'm currently stuck. I have been able to dial in to the Router over VPN and my client receives an IP address, but the client cannot ping anything on the network, not even the router itself. It can ping its own address that has been given, but that is about all. Here is my config. When I dial in, the internet interface is e0 and my LAN interface fa0. It might be an access list problem but I'm not sure; any help would be much appreciated :!) Thanks again!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname vpnrouter
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$BHO6$dPC9T77qavKq2izYC6Gy01
!
username xxx privilege 15 password 7 xxx
username xxx password 7 xxx
username xxx password 7 xxx
username xxx password 7 xxx
memory-size iomem 25
clock timezone Europe/London 0
clock summer-time Europe/London date Mar 30 2003 1:00 Oct 26 2003 2:00
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
ip domain name 2000domain.chsys3.com
ip name-server 192.168.1.2
ip name-server 192.168.1.1
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
vpdn enable
vpdn authorize directed-request
!
no ftp-server write-enable
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group system3
 key system3
 dns 192.168.1.2
 wins 192.168.1.2
 domain 2000domain.chsys3.com
 pool ippool
 acl 108
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 ip address 194.242.138.187 255.255.255.248
 half-duplex
 crypto map clientmap
!
interface FastEthernet0
 description $FW_INSIDE$$ETH-LAN$
 ip address 10.1.1.200 255.255.255.0
 speed auto
!
ip local pool ippool 10.1.1.230 10.1.1.240
ip default-gateway 10.1.1.4
ip classless
ip route 0.0.0.0 0.0.0.0 194.242.138.185
ip route 192.168.1.0 255.255.255.0 10.1.1.4
ip route 192.168.2.0 255.255.255.0 10.1.1.4
ip route 192.168.3.0 255.255.255.0 10.1.1.4
ip route 192.168.4.0 255.255.255.0 10.1.1.4
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
ip access-list extended administrator on console
logging trap debugging
access-list 102 permit ip any any
access-list 103 permit ip any any
access-list 108 permit ip any any
!
radius-server authorization permit missing Service-Type
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
vpnrouter# |
|
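An added example, not part of any post in this thread: a small Python check that reads an IOS Easy VPN server config like the one posted above and reports four things a reviewer would look at (client pool inside an interface subnet, group ACL of `permit ip any any`, group key equal to the group name, telnet accepted on VTY lines). The `audit` function and its finding strings are hypothetical names; the sample is an excerpt constructed from the posted config.

```python
import ipaddress
import re

# Constructed sample: only the lines of the posted config that the checks read.
CONFIG = """\
crypto isakmp client configuration group system3
 key system3
 pool ippool
 acl 108
interface Ethernet0
 ip address 194.242.138.187 255.255.255.248
interface FastEthernet0
 ip address 10.1.1.200 255.255.255.0
ip local pool ippool 10.1.1.230 10.1.1.240
access-list 108 permit ip any any
line vty 0 4
 transport input telnet ssh
"""

def audit(config):
    """Return a sorted list of findings for an IOS Easy VPN server config."""
    findings, nets, section = set(), {}, ""
    for line in config.splitlines():
        if not line.startswith(" "):
            section = line.strip()            # a top-level command opens a section
        words = line.split()
        if (section.startswith("interface ") and len(words) == 4
                and words[:2] == ["ip", "address"]):
            net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            nets[section.split()[1]] = net    # interface name -> connected subnet
        if (section.startswith("line vty") and words[:2] == ["transport", "input"]
                and "telnet" in words[2:]):
            findings.add("vty accepts telnet")
        if section.startswith("crypto isakmp client configuration group"):
            group = section.split()[-1]
            if words[:1] == ["key"] and words[1:] == [group]:
                findings.add(f"group {group}: pre-shared key equals group name")
            if len(words) == 2 and words[0] == "acl" and re.search(
                    rf"^access-list {re.escape(words[1])} permit ip any any$",
                    config, re.M):
                findings.add(f"group {group}: acl {words[1]} is permit ip any any")
    # Pools are checked last so every interface subnet is already known.
    for m in re.finditer(r"^ip local pool (\S+) (\S+) (\S+)$", config, re.M):
        name, lo, hi = m.group(1), *map(ipaddress.ip_address, m.group(2, 3))
        for ifname, net in nets.items():
            if lo in net and hi in net:
                findings.add(f"pool {name} lies inside {ifname} subnet {net}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```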
  tomkb Premium join:2000-11-15 Avon, OH | Not sure if this makes sense, but would you even want VPN overhead if you are dialing in? Dialing in by itself should be pretty secure. |
|
  jj_in_mood
join:2002-01-03 Moon !! | reply to stevemona Duplicate : »Help ! VPN newbie - Follow up to example config
close this one out !!
Jj -- Anything Possible |
|