Friday, December 2, 2016

Cisco Config: Router Being Used For Remote-Access VPN

I've done this config already in the past, but I think its worth mentioning again for those who will grab whatever they have on a shelf to make a VPN work.  I did grab a Cisco 2801 off of a shelf, simply because I needed something to change out a Juniper VPN router that was giving me problems.  Here is the config for adding a remote-access config in for VPN in back into a site.

access-list 111 deny ip
access-list 111 permit ip any any
access-list 101 permit ip
ip local pool ippool

ip nat inside source list 111 interface FastEthernet0/1 overload

username cisco password anyoldpassword
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local

crypto isakmp policy 3
 encr aes 256
hash sha
 authentication pre-share
 group 2

crypto ipsec transform-set myset esp-aes 256 esp-sha-hmac

crypto isakmp client configuration group vpncl1ent
 key myvpnkey
pool ippool
 acl 101

crypto dynamic-map dynmap 10
 set transform-set myset

crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap

interface FastEthernet0/0
ip add
no shut
interface FastEthernet1/0
ip add
no shut
 crypto map clientmap

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.