Cisco VPN

Posted on 2011-10-19
Medium Priority
Last Modified: 2012-06-27
Hi Folks,
I could use some advice please. I have a Cisco 1841 and it is sat in front of an Asterisk High Availability cluster, but I have nailed down access via the extended ACL. I have some clients that want to connect via SIP clients on their mobile phones; however, I cannot cater for a dynamic IP coming into our voice network.

The only option that I can see is a VPN. iPhones etc. can cater for PPTP, L2TP and IPsec. Could you guide me to the best choice please and maybe point me to a run-through of how to set it up please?

I heard also that you have to have a Cisco license to run IPsec, is that true?
Question by:plewis-brown

Accepted Solution

Soulja earned 500 total points
ID: 36994121

Author Comment

ID: 37011021
Hi Soulja,
Thanks for the link above. This config is in 2 parts, as I think it is creating an IPsec tunnel between two Cisco routers. I want clients on the WAN to be able to connect via IPsec to the Cisco 1841 then access the internet or a local IP on a few ports. Can I drop the peer arrangement in this config?

Version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname moss
logging rate-limit console 10 except errors
enable password ww
ip subnet-zero
no ip finger
ip audit notify log
ip audit po max-events 100
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key cisco123 address
crypto isakmp key cisco123 address
crypto isakmp client configuration address-pool local RTP-POOL
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
crypto dynamic-map rtp-dynamic 20
 set transform-set rtpset
crypto map rtp client configuration address initiate
crypto map rtp client configuration address respond

!--- crypto map sequence for network to network traffic

crypto map rtp 1 ipsec-isakmp
 set peer
 set transform-set rtpset
 match address 115

!--- crypto map sequence for VPN Client network traffic.

crypto map rtp 10 ipsec-isakmp dynamic rtp-dynamic
call rsvp-sync
interface Ethernet2/0
 ip address
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 crypto map rtp
interface Serial2/0
 no ip address
interface Ethernet2/1
 ip address
 ip nat inside
ip local pool RTP-POOL
ip nat pool ETH20 netmask
ip nat inside source route-map nonat pool ETH20 overload
ip classless
ip route
ip route
ip route
no ip http server

!--- Exclude traffic from NAT process.

access-list 110 deny ip
access-list 110 deny ip
access-list 110 permit ip any

!--- Include traffic in encryption process.

access-list 115 permit ip
access-list 115 permit ip
route-map nonat permit 10
 match ip address 110
dial-peer cor custom
line con 0
 transport input none
line aux 0
line vty 0 4
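
An added example, not part of the original post or of the expert's answer: a short Python check over the crypto lines of the config above that separates the network-to-network crypto map entry from the VPN client (dynamic) entry and lists the weak algorithms in use. The function names are hypothetical, and 192.0.2.1 is a placeholder for the addresses that are missing from the post.

```python
import re

# Constructed sample: crypto lines of the posted config. The post shows no
# addresses, so 192.0.2.1 (documentation range) is a placeholder assumption.
SAMPLE = """\
enable password ww
crypto isakmp policy 1
 hash md5
crypto isakmp key cisco123 address 192.0.2.1
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
crypto dynamic-map rtp-dynamic 20
 set transform-set rtpset
crypto map rtp 1 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set rtpset
 match address 115
crypto map rtp 10 ipsec-isakmp dynamic rtp-dynamic
"""

WEAK = [  # (pattern, reason)
    (r"^enable password ", "not hashed; 'enable secret' stores a hash"),
    (r"^hash md5$", "IKE phase 1 uses MD5"),
    (r"\besp-des\b", "ESP uses single DES (56-bit key)"),
    (r"\besp-md5-hmac\b", "ESP integrity uses HMAC-MD5"),
]
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic (\S+))?\s*$")

def crypto_map_entries(config):
    """Return {(map, seq): {'kind', 'dynamic_map', 'lines'}} per crypto map entry."""
    entries, current = {}, None
    for line in config.splitlines():
        m = MAP_RE.match(line)
        if m:
            current = {"kind": "dynamic" if m.group(3) else "static",
                       "dynamic_map": m.group(3), "lines": []}
            entries[(m.group(1), int(m.group(2)))] = current
        elif current is not None and line.startswith(" "):
            current["lines"].append(line.strip())  # sub-command of the entry
        else:
            current = None                         # back at top level
    return entries

def weak_settings(config):
    """Return (line_number, text, reason) for each weak setting found."""
    return [(n, line.strip(), why)
            for n, line in enumerate(config.splitlines(), 1)
            for pattern, why in WEAK if re.search(pattern, line.strip())]

if __name__ == "__main__":
    print(crypto_map_entries(SAMPLE), weak_settings(SAMPLE), sep="\n")
```

On the sample, sequence 1 comes back as the static entry carrying `set peer` and `match address 115`, and sequence 10 as the dynamic entry that references `rtp-dynamic`.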

Question has a verified solution.
