VPN client access Router cisco 837
Hi,
I would like to setup remote vpn client access on my router. I have the software from cisco (vpn client). Previously I have setup vpn access on asa 5505, I used radius to authenticate the session with a windows 2003 server. This time I am using cisco 837 series and I would like to setup vpn client access, I really have no idea how to do this, there wont be a server to authenticate the session so I just want a basic username and password to connect in to my network. I have attached a config, can anyone help? Also I have 2 vpn tunnels connecting into this network and none of them can gain access to our Lacie drive (10.11.1.3) can anyone see if my firewall may be blocking access as well? Thanks
I would like to setup remote vpn client access on my router. I have the software from cisco (vpn client). Previously I have setup vpn access on asa 5505, I used radius to authenticate the session with a windows 2003 server. This time I am using cisco 837 series and I would like to setup vpn client access, I really have no idea how to do this, there wont be a server to authenticate the session so I just want a basic username and password to connect in to my network. I have attached a config, can anyone help? Also I have 2 vpn tunnels connecting into this network and none of them can gain access to our Lacie drive (10.11.1.3) can anyone see if my firewall may be blocking access as well? Thanks
Building configuration...
Current configuration : 5814 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RTR1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$z9rX$ZH3myMhQ7t/j/Gb4bqOh.0
enable password password
!
clock timezone London 0
clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.11.1.1 10.11.1.99
!
ip dhcp pool Default
import all
network 10.11.1.0 255.255.255.0
dns-server 194.72.0.114 62.6.40.162
default-router 10.11.1.1
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip ips po max-events 100
no ftp-server write-enable
!
!
username admin privilege 15 view root secret 5 $1$r3GO$v2o3/79JBJjz2TJmKC2ya0
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key password address 90.152.x.x
crypto isakmp key password address 82.69.x.x
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to90.152.x.x
set peer 90.152.x.x
set transform-set ESP-3DES-SHA
match address 102
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel to82.69.x.x
set peer 82.69.x.x
set security-association lifetime seconds 86400
set transform-set ESP-3DES-SHA1
match address 104
!
!
!
interface Ethernet0
description $FW_INSIDE$
ip address 10.11.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
description $FW_OUTSIDE$
ip address 213.120.x.x255.255.255.248
ip access-group 101 in
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname User@isp
ppp chap password 0 password
crypto map SDM_CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static tcp 10.11.1.3 21 213.120.x.x21 extendable
!
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.11.1.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 213.120.112.136 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark IPSec Rule
access-list 101 permit ip 10.12.1.0 0.0.0.255 10.11.1.0 0.0.0.255
access-list 101 permit udp host 82.69.x.x host 213.120.x.xeq non500-isakmp
access-list 101 permit udp host 82.69.x.x host 213.120.x.xeq isakmp
access-list 101 permit esp host 82.69.x.x host 213.120.112.140
access-list 101 permit ahp host 82.69.x.x host 213.120.112.140
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.0.0 0.0.0.255 10.11.1.0 0.0.0.255
access-list 101 permit udp host 90.152.x.x host 213.120.x.xeq non500-isakmp
access-list 101 permit udp host 90.152.x.x host 213.120.x.xeq isakmp
access-list 101 permit esp host 90.152.x.x host 213.120.112.140
access-list 101 permit ahp host 90.152.x.x host 213.120.112.140
access-list 101 deny ip 10.11.1.0 0.0.0.255 any
access-list 101 permit tcp any host 213.120.x.xeq ftp
access-list 101 permit icmp any host 213.120.x.xecho-reply
access-list 101 permit icmp any host 213.120.x.xtime-exceeded
access-list 101 permit icmp any host 213.120.x.xunreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 10.11.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny ip 10.11.1.0 0.0.0.255 10.12.1.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 deny ip 10.11.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 103 permit ip 10.11.1.0 0.0.0.255 any
access-list 104 remark SDM_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.11.1.0 0.0.0.255 10.12.1.0 0.0.0.255
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
match ip address 103
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 120 0
password password
login
length 0
!
scheduler max-task-time 5000
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.