Cisco 2811 VPN Connection

Dear all,
I have a Cisco 2811 router and I would like to configure it in order to have VPN connections from anywhere in the Internet, to our central offices.
Currently, I am using an ISA server with RRAS and the users can connect to the offices using the Windows VPN client.
What I want to do is to remove the ISA server and the RRAS and use only the Cisco 2811 in order to let my users make VPN connections.
Would it be possible to do it using the Windows VPN client through Dialer1, without having to install the Cisco VPN client, and for the users to be able to connect with Active Directory authentication?
I am attaching the 2811 configuration just in case this is feasible to be done.
Thank you very much in advance.
Building configuration...
 
Current configuration : 12881 bytes
!
! Last configuration change at 12:53:54 Athens Tue May 26 2009 by dot
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2811
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 informational
enable secret 5 $1$M/UL$kvzOjacIgESedLaGsj7AI0
!
no aaa new-model
clock timezone Athens 2
clock summer-time Athens date Mar 30 2003 3:00 Oct 26 2003 4:00
!
!
ip cef
!
!
ip domain name zzzz.gr
ip name-server 195.xxx.xxx.2
ip name-server 195.xxx.xxx.1
ip port-map user-protocol--1 port tcp 3389
!
multilink bundle-name authenticated
!
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com
 
parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com
 
parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com
 
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-712707056
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-712707056
 revocation-check none
 rsakeypair TP-self-signed-712707056
!
!
crypto pki certificate chain TP-self-signed-712707056
 certificate self-signed 01
  30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 37313237 30373035 36301E17 0D303830 38313931 31343031 
 
  	quit
! 
!
!
!
username xxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
archive
 log config
  hidekeys
!
!
!
class-map type inspect imap match-any sdm-app-imap
 match  invalid-command
class-map type inspect gnutella match-any sdm-app-gnutella
 match  file-transfer 
class-map match-any SDM-Transactional-1
 match  dscp af21 
 match  dscp af22 
 match  dscp af23 
class-map type inspect ymsgr match-any sdm-app-yahoo-otherservices
 match  service any 
class-map type inspect msnmsgr match-any sdm-app-msn-otherservices
 match  service any 
class-map match-any SDM-Signaling-1
 match  dscp cs3 
 match  dscp af31 
class-map match-any SDM-Routing-1
 match  dscp cs6 
class-map match-any SDM-Voice-1
 match  dscp ef 
class-map type inspect aol match-any sdm-app-aol-otherservices
 match  service any 
class-map type inspect pop3 match-any sdm-app-pop3
 match  invalid-command
class-map match-any SDM-Management-1
 match  dscp cs2 
class-map type inspect kazaa2 match-any sdm-app-kazaa2
 match  file-transfer 
class-map type inspect http match-any sdm-http-blockparam
 match  request port-misuse im
 match  request port-misuse p2p
 match  req-resp protocol-violation
class-map type inspect ymsgr match-any sdm-app-yahoo
 match  service text-chat 
class-map type inspect msnmsgr match-any sdm-app-msn
 match  service text-chat 
class-map type inspect edonkey match-any sdm-app-edonkey
 match  file-transfer 
 match  text-chat 
 match  search-file-name 
class-map type inspect http match-any sdm-app-httpmethods
 match  request method bcopy
 match  request method bdelete
 match  request method bmove
 match  request method bpropfind
 match  request method bproppatch
 match  request method connect
 match  request method copy
 match  request method delete
 match  request method edit
 match  request method getattribute
 match  request method getattributenames
 match  request method getproperties
 match  request method index
 match  request method lock
 match  request method mkcol
 match  request method mkdir
 match  request method move
 match  request method notify
 match  request method options
 match  request method poll
 match  request method propfind
 match  request method proppatch
 match  request method put
 match  request method revadd
 match  request method revlabel
 match  request method revlog
 match  request method revnum
 match  request method save
 match  request method search
 match  request method setattribute
 match  request method startrev
 match  request method stoprev
 match  request method subscribe
 match  request method trace
 match  request method unedit
 match  request method unlock
 match  request method unsubscribe
class-map type inspect edonkey match-any sdm-app-edonkeychat
 match  search-file-name 
 match  text-chat 
class-map type inspect http match-any sdm-http-allowparam
 match  request port-misuse tunneling
class-map type inspect fasttrack match-any sdm-app-fasttrack
 match  file-transfer 
class-map type inspect edonkey match-any sdm-app-edonkeydownload
 match  file-transfer 
class-map type inspect aol match-any sdm-app-aol
 match  service text-chat 
!
!
policy-map SDM-QoS-Policy-1
 class SDM-Voice-1
  priority percent 5
 class SDM-Signaling-1
  bandwidth percent 5
 class SDM-Routing-1
  bandwidth percent 33
 class SDM-Management-1
  bandwidth percent 5
 class SDM-Transactional-1
  bandwidth percent 5
 class class-default
  fair-queue
  random-detect
policy-map type inspect p2p sdm-action-app-p2p
 class type inspect edonkey sdm-app-edonkeychat
  log
  reset
 class type inspect edonkey sdm-app-edonkeydownload
  log
  reset
 class type inspect fasttrack sdm-app-fasttrack
  log
  reset
 class type inspect gnutella sdm-app-gnutella
  log
  reset
 class type inspect kazaa2 sdm-app-kazaa2
  log
  reset
 class class-default
policy-map type inspect im sdm-action-app-im
 class type inspect aol sdm-app-aol
  log
  allow
 class type inspect msnmsgr sdm-app-msn
  log
  reset
 class type inspect ymsgr sdm-app-yahoo
  log
  reset
 class type inspect aol sdm-app-aol-otherservices
  log
  reset
 class type inspect msnmsgr sdm-app-msn-otherservices
  log
  reset
 class type inspect ymsgr sdm-app-yahoo-otherservices
  log
  reset
 class class-default
policy-map type inspect http sdm-action-app-http
 class type inspect http sdm-http-blockparam
  log
  reset
 class type inspect http sdm-app-httpmethods
  log
  reset
 class type inspect http sdm-http-allowparam
  log
  allow
 class class-default
policy-map type inspect pop3 sdm-action-pop3
 class type inspect pop3 sdm-app-pop3
  log
 class class-default
policy-map type inspect imap sdm-action-imap
 class type inspect imap sdm-app-imap
  log
 class class-default
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$$ETH-LAN$$FW_INSIDE$
 ip address 10.x.x.x 255.255.255.0
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0/0/0.1 point-to-point
 no snmp trap link-status
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface ATM0/1/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0/1/0.1 point-to-point
 no snmp trap link-status
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface ATM0/2/0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxxx@xxxxx.gr
 ppp chap password 0 xxxxxx
 ppp pap sent-username xxxxx@xxxxx.gr password 0 xxxxxxx
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address 62.xxx.xxx.xxx 255.255.255.0
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 2
 dialer-group 2
 ppp authentication chap pap callin
 ppp chap hostname xxxx@xxxxx.gr
 ppp chap password 0 xxxxxxx
 ppp pap sent-username xxxx@xxxxx.gr password 0 xxxxxxx
 service-policy output SDM-QoS-Policy-1
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 Dialer0 50
ip route 10.x.xx.x 255.255.255.0 10.x.x.x
!
ip flow-export version 5
ip flow-export destination 10.x.x.xx9 2055
ip flow-top-talkers
 top 200
 sort-by bytes
 cache-timeout 300
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool DOT 87.xxx.xxx.1X7 87.xxx.xxx.1X9 netmask 255.255.255.224
ip nat inside source list 1 pool DOT overload
ip nat inside source static tcp 10.XXX.XXX.131 25 87.XXX.XXX.160 25 extendable
ip nat inside source static tcp 10.XXX.XXX.131 80 87.XXX.XXX.160 80 extendable
ip nat inside source static tcp 10.XXX.XXX.131 110 87.XXX.XXX.160 110 extendable
ip nat inside source static tcp 10.XXX.XXX.131 143 87.XXX.XXX.160 143 extendable
ip nat inside source static tcp 10.XXX.XXX.131 443 87.XXX.XXX.160 443 extendable
ip nat inside source static tcp 10.XXX.XXX.131 465 87.XXX.XXX.160 465 extendable
ip nat inside source static tcp 10.XXX.XXX.131 585 87.XXX.XXX.160 585 extendable
ip nat inside source static tcp 10.XXX.XXX.131 993 87.XXX.XXX.160 993 extendable
ip nat inside source static tcp 10.XXX.XXX.131 995 87.XXX.XXX.160 995 extendable
ip nat inside source static 10.XXX.XXX.236 87.XXX.XXX.161
ip nat inside source static 10.XXX.XXX.238 87.XXX.XXX.162
ip nat inside source static tcp 10.XXX.XXX.16 3389 87.XXX.XXX.163 3389 extendable
ip nat inside source static 10.XXX.XXX.110 87.XXX.XXX.164
ip nat inside source static tcp 10.XXX.XXX.253 80 87.XXX.XXX.165 80 extendable
ip nat inside source static 10.XXX.XXX.6 87.XXX.XXX.166
ip nat inside source static tcp 10.XXX.XXX.241 21 87.XXX.XXX.170 21 extendable
ip nat inside source static tcp 10.XXX.XXX.241 80 87.XXX.XXX.170 80 extendable
ip nat inside source static tcp 10.XXX.XXX.241 443 87.XXX.XXX.170 443 extendable
ip nat inside source static tcp 10.XXX.XXX.241 2002 87.XXX.XXX.170 2002 extendable
ip nat inside source static tcp 10.XXX.XXX.243 80 87.XXX.XXX.171 80 extendable
ip nat inside source static tcp 10.XXX.XXX.243 443 87.XXX.XXX.171 443 extendable
ip nat inside source static tcp 10.XXX.XXX.243 669 87.XXX.XXX.171 669 extendable
ip nat inside source static tcp 10.XXX.XXX.243 990 87.XXX.XXX.171 990 extendable
ip nat inside source static tcp 10.XXX.XXX.243 2001 87.XXX.XXX.171 2001 extendable
ip nat inside source static tcp 10.XXX.XXX.245 3389 87.XXX.XXX.172 3389 extendable
!
access-list 1 permit 10.XXX.XXX.0 0.0.0.255
access-list 121 remark Dot Users
access-list 121 remark SDM_ACL Category=1
access-list 121 permit ip 10.XXX.XXX.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
snmp-server community private RW
snmp-server community public RO
snmp-server location FDSF
snmp-server contact Nikolaos Frestis
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180134
ntp update-calendar
ntp server 2XX.XX.XX.XX source Dialer1 prefer
 
!
webvpn cef
!
end


gloec Asked:

decoleur Commented:
What you are looking for is an EZVPN configuration for an IOS router that can support PPTP connections. The only thing you would need on your router is a version of the IOS that would support the VPN commands.

Here is a page with a basic configuration that would work. Let me know if you have any questions regarding this config in your environment.

-t
0
gloec Author Commented:
Hi decoleur!
I cannot see the page!
The IOS Version is the 12.4(15)T1
Thank you
0
gloec Author Commented:
Hi decoleur,
I tried the CISCO way and everything seems OK until the authentication to the Active Directory. Do I need ACS in order to authenticate?
If this is so, I am afraid that I cannot have ACS.
Thanks,
Nikos
0
decoleur Commented:
You would need to set up the router to authenticate against AD, and if you have to do it directly you will need to set up IAS on a Windows DC to respond to RADIUS requests from the router. Let me know if you need assistance with setting that up.

-t
0
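The setup described in the comment above, sketched as an added example (not part of the original thread, and not taken from the page decoleur linked): the built-in Windows VPN client speaks PPTP, so the router accepts PPTP dial-in through a VPDN group and passes the MS-CHAP v2 exchange to IAS over RADIUS. `<IAS-server-IP>`, `<shared-secret>`, the pool range and the names `PPTP-IN` and `VPN-POOL` are placeholders; `FastEthernet0/0` is the LAN interface from the posted configuration.

```cisco
! Added example; values in <...> are placeholders to replace.
! The posted config has "no aaa new-model". Enabling AAA moves console/vty
! logins from "login local" to the default method list, so define that list
! as local first or existing admin logins will change behaviour.
aaa new-model
aaa authentication login default local
! PPP (VPN) users are checked against RADIUS (IAS), with local users as fallback
aaa authentication ppp default group radius local
aaa authorization network default group radius if-authenticated
!
! IAS listens on 1645/1646 as well as 1812/1813 by default
radius-server host <IAS-server-IP> auth-port 1645 acct-port 1646 key <shared-secret>
!
! Accept incoming PPTP tunnels and clone sessions from Virtual-Template1
vpdn enable
!
vpdn-group PPTP-IN
 accept-dialin
  protocol pptp
  virtual-template 1
!
! Addresses handed to VPN clients (placeholder range on the inside LAN)
ip local pool VPN-POOL <first-client-IP> <last-client-IP>
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 peer default ip address pool VPN-POOL
 ! MPPE keys are derived from the MS-CHAP exchange, so MS-CHAP is required
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2
```

On the IAS side the router has to be added as a RADIUS client with the same shared secret, and the remote access policy has to permit MS-CHAP v2 for the AD users or group that may connect.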
gloec Author Commented:
Thanks for your reply! :)
I would appreciate if I could have your help on how to set it up!
Thanks
Nikos
0

gloec Author Commented:
Because I will be out of office for this week, I will try the suggested solution next week.
Thanks!
0
gloec Author Commented:
Unfortunately I could not make EZVPN work with RADIUS and I will continue using ISA Server. The expert's comments were useful up to a certain point and I would like to thank him for that.
0