How do I setup the Cisco VPN Client to connect to an 857 ADSL Router?
Dear Experts,
I have a Cisco 857 with a static public IP address. It connects to 2 other 857's via a VPN. These connection are permanently "UP".
A remote user with a Laptop & the Cisco VPN Client wants to connect to the 857.
How do I configure the router to accept Cisco VPN Client connections?
Config as follows :-
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 0
ip gratuitous-arps
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip finger
ip tcp synwait-time 10
no ip domain lookup
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-4190127240
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-4190127240
!
!
crypto pki certificate chain TP-self-signed-4190127240
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34313930 31323732 3430301E 170D3036 31303034 32303130
31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31393031
32373234 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B7A0 BD921995 1C272F47 BEAE6002 BC1203F7 FF2A2931 2C8EDEE8 2B6453AD
7966908E 26AEB8F9 6E8A010A 14856B44 2EF4E10F 9649F1A0 064533E3 B3DB63B9
E6F375F0 EC687DD8 616592F8 3FD134F7 6106A400 354BBF93 0CB169FB FC4056D3
6C4FD1EF 733F0DAB 181E133A 27BFEB5E E37D0C46 86725BCE 6185FD5D 13B260B7
822D0203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 A779B423
D1DCDC25 4AED4012 7B7F6D02 74FB2754 301D0603 551D0E04 160414A7 79B423D1
DCDC254A ED40127B 7F6D0274 FB275430 0D06092A 864886F7 0D010104 05000381
81006BF0 4A230F8E AAE1BFA7 BA0C6FBB A1DD4C55 C59FEC70 C4E0978A 543F2807
2F592767 4445FCC5 22E2A083 FB1C0EBF 072F73A7 814EE81B 615BC462 3346B0C8
CBB4C04F 01B6481B 7984F3F2 D38A1E01 67AA0859 313D1426 5881F00F 65A93549
F75A5CE9 C8E16E7E C821D124 FB30E3FF 858E18AC 6ACF1448 071D8232 8C76702E B6DB
quit
username xxxxx privilege 15 secret 5 xxxxx.
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key xxxxx address x.x.x.x
crypto isakmp key xxxxx address x.x.x.x
crypto isakmp keepalive 300 periodic
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description xxxxx
set peer x.x.x.x
set transform-set ESP-3DES-MD5
match address 105
crypto map SDM_CMAP_1 2 ipsec-isakmp
description xxxxx
set peer x.x.x.x
set transform-set ESP-3DES-MD5
match address 110
!
!
!
interface ATM0
no ip address
ip mask-reply
ip directed-broadcast
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip mask-reply
ip directed-broadcast
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-
ip address 192.168.1.1 255.255.255.0
ip mask-reply
ip directed-broadcast
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address x.x.x.x 255.255.255.248
ip mask-reply
ip directed-broadcast
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password xxxxx
ppp pap sent-username xxxxx password xxxxx
crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.2 4125 interface Dialer0 4125
ip nat inside source static tcp 192.168.1.2 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.1.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.1.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.2 25 interface Dialer0 25
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.10.55.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.10.55.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 permit gre host 81.149.149.105 host 81.149.152.155
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 192.168.1.0 0.0.0.255 10.10.55.0 0.0.0.255
access-list 106 remark SDM_ACL Category=4
access-list 106 remark IPSec Rule
access-list 106 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 107 remark SDM_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 108 remark SDM_ACL Category=4
access-list 108 remark IPSec Rule
access-list 108 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 109 remark SDM_ACL Category=4
access-list 109 remark IPSec Rule
access-list 109 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 remark SDM_ACL Category=4
access-list 110 remark IPSec Rule
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
banner login _P_
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
I have a Cisco 857 with a static public IP address. It connects to 2 other 857's via a VPN. These connection are permanently "UP".
A remote user with a Laptop & the Cisco VPN Client wants to connect to the 857.
How do I configure the router to accept Cisco VPN Client connections?
Config as follows :-
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service udp-small-servers
service tcp-small-servers
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 0
ip gratuitous-arps
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip finger
ip tcp synwait-time 10
no ip domain lookup
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-4190127240
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-4190127240
!
!
crypto pki certificate chain TP-self-signed-4190127240
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34313930 31323732 3430301E 170D3036 31303034 32303130
31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31393031
32373234 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B7A0 BD921995 1C272F47 BEAE6002 BC1203F7 FF2A2931 2C8EDEE8 2B6453AD
7966908E 26AEB8F9 6E8A010A 14856B44 2EF4E10F 9649F1A0 064533E3 B3DB63B9
E6F375F0 EC687DD8 616592F8 3FD134F7 6106A400 354BBF93 0CB169FB FC4056D3
6C4FD1EF 733F0DAB 181E133A 27BFEB5E E37D0C46 86725BCE 6185FD5D 13B260B7
822D0203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 A779B423
D1DCDC25 4AED4012 7B7F6D02 74FB2754 301D0603 551D0E04 160414A7 79B423D1
DCDC254A ED40127B 7F6D0274 FB275430 0D06092A 864886F7 0D010104 05000381
81006BF0 4A230F8E AAE1BFA7 BA0C6FBB A1DD4C55 C59FEC70 C4E0978A 543F2807
2F592767 4445FCC5 22E2A083 FB1C0EBF 072F73A7 814EE81B 615BC462 3346B0C8
CBB4C04F 01B6481B 7984F3F2 D38A1E01 67AA0859 313D1426 5881F00F 65A93549
F75A5CE9 C8E16E7E C821D124 FB30E3FF 858E18AC 6ACF1448 071D8232 8C76702E B6DB
quit
username xxxxx privilege 15 secret 5 xxxxx.
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key xxxxx address x.x.x.x
crypto isakmp key xxxxx address x.x.x.x
crypto isakmp keepalive 300 periodic
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description xxxxx
set peer x.x.x.x
set transform-set ESP-3DES-MD5
match address 105
crypto map SDM_CMAP_1 2 ipsec-isakmp
description xxxxx
set peer x.x.x.x
set transform-set ESP-3DES-MD5
match address 110
!
!
!
interface ATM0
no ip address
ip mask-reply
ip directed-broadcast
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip mask-reply
ip directed-broadcast
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-
ip address 192.168.1.1 255.255.255.0
ip mask-reply
ip directed-broadcast
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
description $FW_OUTSIDE$
ip address x.x.x.x 255.255.255.248
ip mask-reply
ip directed-broadcast
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password xxxxx
ppp pap sent-username xxxxx password xxxxx
crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.2 4125 interface Dialer0 4125
ip nat inside source static tcp 192.168.1.2 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.1.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.1.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.2 25 interface Dialer0 25
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.10.55.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.10.55.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 remark SDM_ACL Category=4
access-list 104 permit gre host 81.149.149.105 host 81.149.152.155
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 192.168.1.0 0.0.0.255 10.10.55.0 0.0.0.255
access-list 106 remark SDM_ACL Category=4
access-list 106 remark IPSec Rule
access-list 106 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 107 remark SDM_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 108 remark SDM_ACL Category=4
access-list 108 remark IPSec Rule
access-list 108 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 109 remark SDM_ACL Category=4
access-list 109 remark IPSec Rule
access-list 109 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 remark SDM_ACL Category=4
access-list 110 remark IPSec Rule
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
banner login _P_
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi The link doesnt work anymore, can you please repost it.