Configure Cisco 2611XM as VPN server for Cisco VPN client

Posted on 2004-04-29
Last Modified: 2008-02-01
I'm trying to configure my Cisco 2611 router to accept connections from the Cisco VPN client.  The router includes the IPSec and VPN bundles.  I can't seem to find any decent documentation online to set this up.  I would like one group VPN that multiple PCs running the Cisco VPN client can connect to.  Thanks.
Question by:jimmyray7

Accepted Solution

by:
lrmoore earned 1005 total points
ID: 10960433
http://www.cisco.com/en/US/tech/tk583/tk642/technologies_configuration_example09186a00800a393b.shtml
This link includes TACACS authentication for the users, but you can simply leave out the aaa/tacacs commands and use local authentication.

Command reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fipsencr/srfipsec.htm

Author Comment

by:jimmyray7
ID: 10960888
What are the different options for authentication?  I don't want to use an external server.  A common username/password would be fine.

Expert Comment

by:ewtaylor
ID: 10961036
Then you would want to use local authentication.

Author Comment

by:jimmyray7
ID: 10962793
I've made some progress, but the authentication isn't succeeding.  Here is my config at the moment:

Current configuration : 4492 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname #########
!
logging queue-limit 100
logging buffered 128000 debugging
enable secret 5 #########
enable password 7 #########
!
username ######### privilege 15 password 7 #########
aaa new-model
!
!
aaa authentication login userauth1 local enable
aaa authorization network userauth1 local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
!
ip domain name #########
ip name-server #########
ip name-server #########
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group name
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ######### address #########
!
crypto isakmp client configuration group vpngroup
 key #########
 domain #########
 pool monopool
!
!
crypto ipsec transform-set sonicwall esp-3des esp-md5-hmac
crypto ipsec transform-set remoteClient esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 20
 set transform-set remoteClient
!
!
crypto map sonicwallmap 10 ipsec-isakmp
 set peer #########
 set security-association lifetime seconds 86400
 set transform-set sonicwall
 match address 120
!
crypto map clientmap client authentication list userauth1
crypto map clientmap isakmp authorization list userauth1
crypto map clientmap client configuration address respond
crypto map clientmap 20 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description $FW_OUTSIDE$
 ip address ######### #########
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 speed 100
 half-duplex
 no cdp enable
 crypto map clientmap
!
interface Serial0/0
 description Frame-Relay ISP #########
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation frame-relay IETF
 ip route-cache flow
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description $FW_OUTSIDE$Serial# #########
 ip address ######### #########
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 frame-relay interface-dlci 37 IETF
 crypto map sonicwallmap
!
interface FastEthernet0/1
 description $FW_INSIDE$$ETH-LAN$10.0.0.0/16 lan
 ip address 10.0.2.250 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.255.255 area 0
 network 10.92.0.0 0.0.255.255 area 0
 network ######### area 0
 network ######### area 0
!
ip local pool ippool 10.0.3.240 10.0.3.250
ip http server
ip http authentication local
ip http secure-server
ip http secure-client-auth
ip classless
ip route 0.0.0.0 0.0.0.0 #########
ip route 10.0.0.0 255.255.0.0 FastEthernet0/1
!
!
!
access-list 120 remark SDM_ACL Category=20
access-list 120 permit ip 10.0.0.0 0.0.255.255 host #########
access-list 120 permit ip 10.0.0.0 0.0.255.255 10.92.0.0 0.0.255.255
no cdp run
!
radius-server authorization permit missing Service-Type
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 password 7 #########
 transport output telnet
line aux 0
 password 7 #########
 transport output telnet
line vty 0 4
 privilege level 15
 password 7 #########
 logging synchronous
 transport input ssh
 transport output telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
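
The configuration in the last post names an address pool `monopool` in the client group, while the only pool it defines is `ippool`. As an added example (not part of the original thread), this Python check cross-references the names an IOS remote-access VPN configuration uses against the names it defines; the rule table covers only the command forms that appear in the config above, and `dangling_refs` is a name chosen here.

```python
import re

# kind -> (pattern that defines a name, pattern that references one)
RULES = {
    "pool": (r"^ip local pool (\S+)", r"^\s+pool (\S+)"),
    "transform-set": (r"^crypto ipsec transform-set (\S+)",
                      r"^\s+set transform-set (.+)"),
    "dynamic-map": (r"^crypto dynamic-map (\S+)",
                    r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    "login list": (r"^aaa authentication login (\S+)",
                   r"^crypto map \S+ client authentication list (\S+)"),
    "network authorization list": (
        r"^aaa authorization network (\S+)",
        r"^crypto map \S+ isakmp authorization list (\S+)"),
    "crypto map": (r"^crypto map (\S+)", r"^\s+crypto map (\S+)"),
}

def dangling_refs(config):
    """Return (line_no, kind, name) for each name used but never defined."""
    lines = config.splitlines()
    findings = []
    for kind, (def_re, ref_re) in RULES.items():
        defined = {m.group(1) for l in lines if (m := re.match(def_re, l))}
        for no, line in enumerate(lines, 1):
            m = re.match(ref_re, line)
            if m:  # a line may list several names (e.g. transform sets)
                findings += [(no, kind, n) for n in m.group(1).split()
                             if n not in defined]
    return sorted(findings)

# Excerpt of the configuration posted above (redacted lines left out).
SAMPLE = """\
aaa authentication login userauth1 local enable
aaa authorization network userauth1 local
crypto isakmp client configuration group vpngroup
 pool monopool
crypto ipsec transform-set remoteClient esp-3des esp-sha-hmac
crypto dynamic-map dynmap 20
 set transform-set remoteClient
crypto map clientmap client authentication list userauth1
crypto map clientmap isakmp authorization list userauth1
crypto map clientmap 20 ipsec-isakmp dynamic dynmap
interface FastEthernet0/0
 crypto map clientmap
ip local pool ippool 10.0.3.240 10.0.3.250
"""

if __name__ == "__main__":
    for no, kind, name in dangling_refs(SAMPLE):
        print(f"line {no}: {kind} '{name}' is referenced but not defined")
```

Running it over a full `show running-config` capture before applying a crypto map to an outside interface catches mistyped pool, list and map names that IOS accepts without complaint.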