Solved

Configure Cisco 2611XM as VPN server for Cisco VPN client

Posted on 2004-04-29 | 1,721 Views | Last Modified: 2008-02-01
I'm trying to configure my Cisco 2611 router to accept connections from the Cisco VPN client.  The router includes the IPSec and VPN bundles.  I can't seem to find any decent documentation online to set this up.  I would like one group vpn that multiple pcs running the Cisco vpn client can connect to.  Thanks.
Question by: jimmyray7
4 Comments
 
Accepted Solution by lrmoore (LVL 79, earned 335 total points), ID: 10960433
http://www.cisco.com/en/US/tech/tk583/tk642/technologies_configuration_example09186a00800a393b.shtml
This link includes tacacs authentication for the users, but you can simply leave out the aaa/tacacs commands and use local authentication.

Command reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fipsencr/srfipsec.htm
 
Author Comment by jimmyray7 (LVL 8), ID: 10960888
What are the different options for authentication?  I don't want to use an external server.  A common username/password would be fine.
 
Expert Comment by ewtaylor (LVL 11), ID: 10961036
Then you would want to use local authentication.
 
Author Comment by jimmyray7 (LVL 8), ID: 10962793
I've made some progress, but the authentication isn't succeeding.  Here is my config at the moment:

Current configuration : 4492 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname #########
!
logging queue-limit 100
logging buffered 128000 debugging
enable secret 5 #########
enable password 7 #########
!
username ######### privilege 15 password 7 #########
aaa new-model
!
!
aaa authentication login userauth1 local enable
aaa authorization network userauth1 local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
!
ip domain name #########
ip name-server #########
ip name-server #########
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group name
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ######### address #########
!
crypto isakmp client configuration group vpngroup
 key #########
 domain #########
 pool monopool
!
!
crypto ipsec transform-set sonicwall esp-3des esp-md5-hmac
crypto ipsec transform-set remoteClient esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 20
 set transform-set remoteClient
!
!
crypto map sonicwallmap 10 ipsec-isakmp
 set peer #########
 set security-association lifetime seconds 86400
 set transform-set sonicwall
 match address 120
!
crypto map clientmap client authentication list userauth1
crypto map clientmap isakmp authorization list userauth1
crypto map clientmap client configuration address respond
crypto map clientmap 20 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description $FW_OUTSIDE$
 ip address ######### #########
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 speed 100
 half-duplex
 no cdp enable
 crypto map clientmap
!
interface Serial0/0
 description Frame-Relay ISP #########
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation frame-relay IETF
 ip route-cache flow
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description $FW_OUTSIDE$Serial# #########
 ip address ######### #########
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 frame-relay interface-dlci 37 IETF
 crypto map sonicwallmap
!
interface FastEthernet0/1
 description $FW_INSIDE$$ETH-LAN$10.0.0.0/16 lan
 ip address 10.0.2.250 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.255.255 area 0
 network 10.92.0.0 0.0.255.255 area 0
 network ######### area 0
 network ######### area 0
!
ip local pool ippool 10.0.3.240 10.0.3.250
ip http server
ip http authentication local
ip http secure-server
ip http secure-client-auth
ip classless
ip route 0.0.0.0 0.0.0.0 #########
ip route 10.0.0.0 255.255.0.0 FastEthernet0/1
!
!
!
access-list 120 remark SDM_ACL Category=20
access-list 120 permit ip 10.0.0.0 0.0.255.255 host #########
access-list 120 permit ip 10.0.0.0 0.0.255.255 10.92.0.0 0.0.255.255
no cdp run
!
radius-server authorization permit missing Service-Type
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 password 7 #########
 transport output telnet
line aux 0
 password 7 #########
 transport output telnet
line vty 0 4
 privilege level 15
 password 7 #########
 logging synchronous
 transport input ssh
 transport output telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
