Cisco VPN

Posted on 2011-10-19
Last Modified: 2012-06-27
Hi Folks,
 I could use some advice please. I have a Cisco 1841 and it is sat in front of an Asterisk High Availability cluster, but I have nailed down access via the extended ACL. I have some clients that want to connect via SIP clients on their mobile phones; however, I cannot cater for a dynamic IP coming into our voice network.

The only option that I can see is a VPN. iPhones etc. can cater for PPTP, L2TP and IPsec. Could you guide me to the best choice please and maybe point me to a run-through of how to set it up please?

I heard also that you have to have a Cisco license to run IPsec; is that true?
Question by:plewis-brown

    Accepted Solution


    Author Comment

    Hi Soulja,
    Thanks for the link above. This config is in 2 parts, as I think it is creating an IPsec tunnel between two Cisco routers. I want clients on the WAN to be able to connect via IPsec to the Cisco 1841 and then access the internet or a local IP on a few ports. Can I drop the peer arrangement in this config?
    Version 12.1
    no service single-slot-reload-enable
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname moss
    logging rate-limit console 10 except errors
    enable password ww
    ip subnet-zero
    no ip finger
    ip audit notify log
    ip audit po max-events 100
    crypto isakmp policy 1
    hash md5
    authentication pre-share
    crypto isakmp key cisco123 address
    crypto isakmp key cisco123 address
    crypto isakmp client configuration address-pool local RTP-POOL
    crypto ipsec transform-set rtpset esp-des esp-md5-hmac 
    crypto dynamic-map rtp-dynamic 20
    set transform-set rtpset 
    crypto map rtp client configuration address initiate
    crypto map rtp client configuration address respond
    !crypto map sequence for network to network traffic
    crypto map rtp 1 ipsec-isakmp 
    set peer
    set transform-set rtpset 
    match address 115
    !--- crypto map sequence for VPN Client network traffic.
    crypto map rtp 10 ipsec-isakmp dynamic rtp-dynamic 
    call rsvp-sync
    interface Ethernet2/0
    ip address
    ip nat outside
    no ip route-cache
    no ip mroute-cache
    crypto map rtp
    interface Serial2/0
    no ip address
    interface Ethernet2/1
    ip address
    ip nat inside
    ip local pool RTP-POOL
    ip nat pool ETH20 netmask
    ip nat inside source route-map nonat pool ETH20 overload
    ip classless
    ip route
    ip route
    ip route
    no ip http server
    !--- Exclude traffic from NAT process.
    access-list 110 deny ip
    access-list 110 deny ip
    access-list 110 permit ip any
    !--- Include traffic in encryption process.
    access-list 115 permit ip
    access-list 115 permit ip
    route-map nonat permit 10
    match ip address 110
    dial-peer cor custom
    line con 0
    transport input none
    line aux 0
    line vty 0 4
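
An added example, not part of the thread or of any Cisco tooling: a small Python check that flags the weak cryptographic and password settings visible in the config posted above before it is adapted for remote clients. The rule ids are hypothetical labels, and the check assumes the classic IOS behaviour that an ISAKMP policy with no `encryption` line falls back to DES.

```python
import re

# Constructed sample: lines copied from the config posted above.
SAMPLE = """\
no service password-encryption
enable password ww
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key cisco123 address
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
crypto dynamic-map rtp-dynamic 20
set transform-set rtpset
"""

# (rule id, pattern, reason); the rule ids are labels made up for this example.
RULES = [
    ("cleartext-passwords", r"^no service password-encryption", "passwords shown as typed"),
    ("enable-password", r"^enable password\b", "use 'enable secret' (hashed) instead"),
    ("ike-md5", r"^hash md5\b", "MD5 for IKE integrity"),
    ("psk-in-config", r"^crypto isakmp key \S+", "pre-shared key readable in the config"),
    ("esp-des", r"^crypto ipsec transform-set .*\besp-des\b", "56-bit DES for ESP"),
    ("esp-md5", r"^crypto ipsec transform-set .*\besp-md5-hmac\b", "MD5 HMAC for ESP"),
]
POLICY_SUBCMDS = ("encryption", "encr", "hash", "authentication", "group", "lifetime")

def audit(config):
    """Return [(line number, rule id, reason)] for weak settings in an IOS config."""
    findings, policy = [], None  # policy = [line, saw_encryption] inside an isakmp policy
    for no, raw in enumerate(config.splitlines() + ["end"], 1):  # "end" closes any open policy
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        word = line.split()[0]
        if policy and word in POLICY_SUBCMDS:
            policy[1] = policy[1] or word.startswith("encr")
        elif policy:
            if not policy[1]:  # assumption: classic IOS defaults to DES here
                findings.append((policy[0], "ike-default-des", "no 'encryption' line"))
            policy = None
        if line.startswith("crypto isakmp policy "):
            policy = [no, False]
        findings += [(no, rid, why) for rid, pat, why in RULES if re.search(pat, line)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s (%s)" % finding)
```

The config on the page has no indentation, so the check recognises the end of an ISAKMP policy by the first line that is not a policy sub-command rather than by leading spaces.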


