?
Solved

Cisco VPN

Posted on 2011-10-19
2
Medium Priority
?
388 Views
Last Modified: 2012-06-27
Hi Folks,
 i could use some advice please. I have a cisco 1841 and it is sat in front of an asterisk High Availability cluster but I have nailed down access via the extended ACL. I have some clients that want to connect via sip clients on their mobile phones however I cannot cater for a dynamic IP coming into our voice network.

The only option that I can see is a VPN. iPhones etc can cater for pptp, L2tp and ipsec. could you guide me to the best choice please and maybe point me to a run through of how to set it up please?

I heard also that you have to have a cisco license to run ipsec is that true?
0
Comment
Question by:plewis-brown
2 Comments
 
LVL 26

Accepted Solution

by:
Soulja earned 500 total points
ID: 36994121
0
 

Author Comment

by:plewis-brown
ID: 37011021
Hi Soulja,
 Thanks for the link above, this config is in 2 parts as I think it is creating an ipsec tunnel between two cisco routers. I want  clients on the wan to be able to connect via ipsec to the cisco 1841 then access the internet or a local IP on a few ports. Can I drop the peer arrangement in this config?
Version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname moss
!
logging rate-limit console 10 except errors
enable password ww
!
ip subnet-zero
!
no ip finger
!
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address 99.99.99.1
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local RTP-POOL
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac 
!
crypto dynamic-map rtp-dynamic 20
set transform-set rtpset 
!
crypto map rtp client configuration address initiate
crypto map rtp client configuration address respond
!crypto map sequence for network to network traffic
crypto map rtp 1 ipsec-isakmp 
set peer 99.99.99.1
set transform-set rtpset 
match address 115

!--- crypto map sequence for VPN Client network traffic.

crypto map rtp 10 ipsec-isakmp dynamic rtp-dynamic 
!
call rsvp-sync
!
interface Ethernet2/0
ip address 172.18.124.154 255.255.255.0
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
crypto map rtp
!
interface Serial2/0
no ip address
shutdown
!
interface Ethernet2/1
ip address 10.13.1.19 255.255.255.0
ip nat inside
half-duplex
!
ip local pool RTP-POOL 192.168.1.1 192.168.1.254
ip nat pool ETH20 172.18.124.154 172.18.124.154 netmask 255.255.255.0
ip nat inside source route-map nonat pool ETH20 overload
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.124.1
ip route 10.1.1.0 255.255.255.0 172.18.124.158
ip route 99.99.99.0 255.255.255.0 172.18.124.158
no ip http server
!

!--- Exclude traffic from NAT process.

access-list 110 deny ip 10.13.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 deny ip 10.13.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 10.13.1.0 0.0.0.255 any

!--- Include traffic in encryption process.

access-list 115 permit ip 10.13.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 115 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
route-map nonat permit 10
match ip address 110
!
dial-peer cor custom
!
line con 0
transport input none
line aux 0
line vty 0 4
login
!
end

Open in new window

0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question