Solved

Configure Cisco 2611XM as VPN server for Cisco VPN client

Posted on 2004-04-29
Last Modified: 2008-02-01
I'm trying to configure my Cisco 2611 router to accept connections from the Cisco VPN client.  The router includes the IPSec and VPN bundles.  I can't seem to find any decent documentation online to set this up.  I would like one group vpn that multiple pcs running the Cisco vpn client can connect to.  Thanks.
Question by:jimmyray7

Accepted Solution

by:
lrmoore earned 335 total points
http://www.cisco.com/en/US/tech/tk583/tk642/technologies_configuration_example09186a00800a393b.shtml
This link includes TACACS authentication for the users, but you can simply leave out the aaa/tacacs commands and use local authentication.

Command reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fipsencr/srfipsec.htm

Author Comment

by:jimmyray7
What are the different options for authentication?  I don't want to use an external server.  A common username/password would be fine.

Expert Comment

by:ewtaylor
Then you would want to use local authentication.

Author Comment

by:jimmyray7
I've made some progress, but the authentication isn't succeeding.  Here is my config at the moment:

Current configuration : 4492 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname #########
!
logging queue-limit 100
logging buffered 128000 debugging
enable secret 5 #########
enable password 7 #########
!
username ######### privilege 15 password 7 #########
aaa new-model
!
!
aaa authentication login userauth1 local enable
aaa authorization network userauth1 local
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
!
ip domain name #########
ip name-server #########
ip name-server #########
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group name
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key ######### address #########
!
crypto isakmp client configuration group vpngroup
 key #########
 domain #########
 pool monopool
!
!
crypto ipsec transform-set sonicwall esp-3des esp-md5-hmac
crypto ipsec transform-set remoteClient esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 20
 set transform-set remoteClient
!
!
crypto map sonicwallmap 10 ipsec-isakmp
 set peer #########
 set security-association lifetime seconds 86400
 set transform-set sonicwall
 match address 120
!
crypto map clientmap client authentication list userauth1
crypto map clientmap isakmp authorization list userauth1
crypto map clientmap client configuration address respond
crypto map clientmap 20 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description $FW_OUTSIDE$
 ip address ######### #########
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 speed 100
 half-duplex
 no cdp enable
 crypto map clientmap
!
interface Serial0/0
 description Frame-Relay ISP #########
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation frame-relay IETF
 ip route-cache flow
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description $FW_OUTSIDE$Serial# #########
 ip address ######### #########
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 frame-relay interface-dlci 37 IETF
 crypto map sonicwallmap
!
interface FastEthernet0/1
 description $FW_INSIDE$$ETH-LAN$10.0.0.0/16 lan
 ip address 10.0.2.250 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.255.255 area 0
 network 10.92.0.0 0.0.255.255 area 0
 network ######### area 0
 network ######### area 0
!
ip local pool ippool 10.0.3.240 10.0.3.250
ip http server
ip http authentication local
ip http secure-server
ip http secure-client-auth
ip classless
ip route 0.0.0.0 0.0.0.0 #########
ip route 10.0.0.0 255.255.0.0 FastEthernet0/1
!
!
!
access-list 120 remark SDM_ACL Category=20
access-list 120 permit ip 10.0.0.0 0.0.255.255 host #########
access-list 120 permit ip 10.0.0.0 0.0.255.255 10.92.0.0 0.0.255.255
no cdp run
!
radius-server authorization permit missing Service-Type
call rsvp-sync
!
!
mgcp profile default
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
 password 7 #########
 transport output telnet
line aux 0
 password 7 #########
 transport output telnet
line vty 0 4
 privilege level 15
 password 7 #########
 logging synchronous
 transport input ssh
 transport output telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
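A check a reviewer could run over a configuration like the one posted above, as an added example that is not part of the original thread: it reports names that one IOS command refers to but no other command defines. The sample holds the cross-referencing lines from the posted configuration; the rule table and function name are this example's own and cover only the command forms that appear in that configuration.

```python
import re

# Constructed sample: the cross-referencing lines from the configuration
# posted above, with the masked (#########) values left out.
SAMPLE_CONFIG = """\
aaa authentication login userauth1 local enable
aaa authorization network userauth1 local
crypto isakmp client configuration group vpngroup
 pool monopool
crypto ipsec transform-set sonicwall esp-3des esp-md5-hmac
crypto ipsec transform-set remoteClient esp-3des esp-sha-hmac
crypto dynamic-map dynmap 20
 set transform-set remoteClient
crypto map sonicwallmap 10 ipsec-isakmp
 set transform-set sonicwall
 match address 120
crypto map clientmap client authentication list userauth1
crypto map clientmap isakmp authorization list userauth1
crypto map clientmap 20 ipsec-isakmp dynamic dynmap
ip local pool ippool 10.0.3.240 10.0.3.250
access-list 120 permit ip 10.0.0.0 0.0.255.255 10.92.0.0 0.0.255.255
"""

# kind -> (pattern that defines a name, pattern that refers to a name)
RULES = {
    "address pool": (r"^ip local pool (\S+)", r"^ +pool (\S+)"),
    "transform-set": (r"^crypto ipsec transform-set (\S+)", r"^ +set transform-set (\S+)"),
    "dynamic-map": (r"^crypto dynamic-map (\S+)", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    "aaa login list": (r"^aaa authentication login (\S+)", r"^crypto map \S+ client authentication list (\S+)"),
    "aaa network list": (r"^aaa authorization network (\S+)", r"^crypto map \S+ isakmp authorization list (\S+)"),
    "access-list": (r"^(?:ip )?access-list (?:extended |standard )?(\S+)", r"^ +match address (\S+)"),
}

def dangling_references(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    missing = set()
    for kind, (define, refer) in RULES.items():
        defined = set(re.findall(define, config, re.M))
        for name in re.findall(refer, config, re.M):
            if name not in defined:
                missing.add((kind, name))
    return sorted(missing)

if __name__ == "__main__":
    for kind, name in dangling_references(SAMPLE_CONFIG):
        print(f"{kind} '{name}' is referenced but not defined")
```

On the sample it reports one item: the group `vpngroup` refers to `pool monopool`, while the only pool the configuration defines is `ippool`.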