Solved

Configure Cisco 2611XM as VPN server for Cisco VPN client

Posted on 2004-04-29
Last Modified: 2008-02-01
I'm trying to configure my Cisco 2611 router to accept connections from the Cisco VPN client.  The router includes the IPSec and VPN bundles.  I can't seem to find any decent documentation online to set this up.  I would like one group VPN that multiple PCs running the Cisco VPN client can connect to.  Thanks.
Question by:jimmyray7
LVL 79

Accepted Solution

by:
lrmoore earned 335 total points
ID: 10960433
http://www.cisco.com/en/US/tech/tk583/tk642/technologies_configuration_example09186a00800a393b.shtml
This link includes TACACS authentication for the users, but you can simply leave out the aaa/tacacs commands and use local authentication.

Command reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fipsencr/srfipsec.htm
 
LVL 8

Author Comment

by:jimmyray7
ID: 10960888
What are the different options for authentication?  I don't want to use an external server.  A common username/password would be fine.
 
LVL 11

Expert Comment

by:ewtaylor
ID: 10961036
Then you would want to use local authentication.
 
LVL 8

Author Comment

by:jimmyray7
ID: 10962793
I've made some progress, but the authentication isn't succeeding.  Here is my config at the moment:

Current configuration : 4492 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname #########
!
logging queue-limit 100
logging buffered 128000 debugging
enable secret 5 #########
enable password 7 #########
!
username ######### privilege 15 password 7 #########
aaa new-model
!
!
aaa authentication login userauth1 local enable
aaa authorization network userauth1 local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
!
ip domain name #########
ip name-server #########
ip name-server #########
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group name
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ######### address #########
!
crypto isakmp client configuration group vpngroup
 key #########
 domain #########
 pool monopool
!
!
crypto ipsec transform-set sonicwall esp-3des esp-md5-hmac
crypto ipsec transform-set remoteClient esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 20
 set transform-set remoteClient
!
!
crypto map sonicwallmap 10 ipsec-isakmp
 set peer #########
 set security-association lifetime seconds 86400
 set transform-set sonicwall
 match address 120
!
crypto map clientmap client authentication list userauth1
crypto map clientmap isakmp authorization list userauth1
crypto map clientmap client configuration address respond
crypto map clientmap 20 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description $FW_OUTSIDE$
 ip address ######### #########
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 speed 100
 half-duplex
 no cdp enable
 crypto map clientmap
!
interface Serial0/0
 description Frame-Relay ISP #########
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation frame-relay IETF
 ip route-cache flow
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description $FW_OUTSIDE$Serial# #########
 ip address ######### #########
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 frame-relay interface-dlci 37 IETF
 crypto map sonicwallmap
!
interface FastEthernet0/1
 description $FW_INSIDE$$ETH-LAN$10.0.0.0/16 lan
 ip address 10.0.2.250 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.255.255 area 0
 network 10.92.0.0 0.0.255.255 area 0
 network ######### area 0
 network ######### area 0
!
ip local pool ippool 10.0.3.240 10.0.3.250
ip http server
ip http authentication local
ip http secure-server
ip http secure-client-auth
ip classless
ip route 0.0.0.0 0.0.0.0 #########
ip route 10.0.0.0 255.255.0.0 FastEthernet0/1
!
!
!
access-list 120 remark SDM_ACL Category=20
access-list 120 permit ip 10.0.0.0 0.0.255.255 host #########
access-list 120 permit ip 10.0.0.0 0.0.255.255 10.92.0.0 0.0.255.255
no cdp run
!
radius-server authorization permit missing Service-Type
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 password 7 #########
 transport output telnet
line aux 0
 password 7 #########
 transport output telnet
line vty 0 4
 privilege level 15
 password 7 #########
 logging synchronous
 transport input ssh
 transport output telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
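
Added example, not part of the original thread: a small consistency check for an IOS remote-access VPN configuration like the one posted above, reporting names that are referenced but never defined and MD5-based settings. The names `lint`, `CHECKS` and `WEAK` and the choice of checks are assumptions made for this illustration; the sample is constructed from lines of the posted configuration.

```python
import re

# Constructed sample: cross-referenced lines taken from the configuration
# posted above (secrets were already masked in the post and are left out).
SAMPLE = """\
aaa authentication login userauth1 local enable
aaa authorization network userauth1 local
crypto isakmp policy 10
 encr 3des
 hash md5
crypto isakmp client configuration group vpngroup
 pool monopool
crypto ipsec transform-set remoteClient esp-3des esp-sha-hmac
crypto dynamic-map dynmap 20
 set transform-set remoteClient
crypto map clientmap client authentication list userauth1
crypto map clientmap isakmp authorization list userauth1
crypto map clientmap 20 ipsec-isakmp dynamic dynmap
ip local pool ippool 10.0.3.240 10.0.3.250
"""

# (kind, regex for the line that defines a name, regex for a line that uses it)
CHECKS = [
    ("address pool", r"^ip local pool (\S+)", r"^ +pool (\S+)"),
    ("login list", r"^aaa authentication login (\S+)", r"client authentication list (\S+)"),
    ("network authorization list", r"^aaa authorization network (\S+)", r"isakmp authorization list (\S+)"),
    ("transform-set", r"^crypto ipsec transform-set (\S+)", r"^ +set transform-set (\S+)"),
    ("dynamic-map", r"^crypto dynamic-map (\S+)", r"ipsec-isakmp dynamic (\S+)"),
]
# Settings worth flagging in a review (hypothetical short list for this example).
WEAK = [
    (r"^ *hash md5", "MD5 as ISAKMP hash"),
    (r"esp-md5-hmac", "MD5 HMAC in transform-set"),
]

def lint(config):
    """Return findings: dangling references first, then weak settings."""
    findings = []
    for kind, define, refer in CHECKS:
        defined = set(re.findall(define, config, re.M))
        for name in re.findall(refer, config, re.M):
            if name not in defined:
                findings.append(f"undefined {kind}: {name}")
    for pattern, label in WEAK:
        if re.search(pattern, config, re.M):
            findings.append(f"weak setting: {label}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the sample, the check reports that the client group refers to a pool named `monopool` while the only defined local pool is `ippool`, and that ISAKMP policy 10 uses MD5.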