
VPN Client config

ntmanjunath
Level 1

Hi,

How to configure VPN Client in Cisco router and let me know the sample configuration.

Regards,


Marwan ALshawi
VIP Alumni

Hi,

Can you please give simple configuration for VPN client? This would be more complicated.

Just for two to three users to access.

Regards

RTRA(config)# aaa new-model
RTRA(config)# aaa authentication login vpnclient local
RTRA(config)# aaa authorization network localgroups local
RTRA(config)# username user1 secret user1
RTRA(config)# username user2 secret user2
RTRA(config)# username vpnuser secret 12345
RTRA(config)# crypto isakmp policy 10
RTRA(config-isakmp)# encryption aes 128
RTRA(config-isakmp)# hash sha
RTRA(config-isakmp)# authentication pre-share
RTRA(config-isakmp)# group 2
RTRA(config-isakmp)# exit
RTRA(config)# crypto isakmp keepalive 20 3
RTRA(config)# ip local pool pool1 192.168.0.200 192.168.0.219
RTRA(config)# ip access-list extended splitremote
RTRA(config-ext-nacl)# permit ip 192.168.0.0 0.0.0.255 any
RTRA(config-ext-nacl)# exit
RTRA(config)# crypto isakmp client configuration group admin
RTRA(config-isakmp-group)# key admin123
RTRA(config-isakmp-group)# pool pool1
RTRA(config-isakmp-group)# domain cisco.com
RTRA(config-isakmp-group)# acl splitremote
RTRA(config-isakmp-group)# exit
RTRA(config)# crypto ipsec transform-set clienttransform esp-aes esp-sha-hmac
RTRA(cfg-crypto-tran)# exit
RTRA(config)# crypto dynamic-map dynmap 10
RTRA(config-crypto-m)# set transform-set clienttransform
RTRA(config-crypto-m)# exit
RTRA(config)# crypto map mymap client authentication list vpnclient
RTRA(config)# crypto map mymap isakmp authorization list localgroups
RTRA(config)# crypto map mymap client configuration address respond
RTRA(config)# crypto map mymap 1000 ipsec-isakmp dynamic dynmap
RTRA(config)# interface Ethernet0/0
RTRA(config-if)# description Local LAN
RTRA(config-if)# ip address 192.168.0.1 255.255.255.0

just change the ip addresses to ur IPs

if u need any more details post it here

if helpful Rate

HI

When I try to connect VPN Client it shows the below said reason.

reason 414 failed to establish a TCP Connection

Username admin

password admin123

MY ROUTER CONFIGURATION

sh run
Building configuration...

Current configuration : 1405 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AIRTEL-DELHI
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
aaa new-model
!
!
aaa authentication login vpnclient local
!
!
aaa session-id common
ip cef
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
username manju secret 5 $1$mMhL$NYG27PsAEJ3vUB6CwoqGs.
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp keepalive 203
!
crypto isakmp client configuration group admin
 key admin123
 domain cisco.com
 pool pool1
 acl splitremote
!
!
crypto ipsec transform-set client esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set client
!
!
crypto map mymap client authentication list vpnclient
crypto map mymap isakmp authorization list localgroup
crypto map mymap client configuration address respond
crypto map mymap 1000 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0
 ip address 10.97.37.212 255.255.255.0
 speed auto
!
interface Serial0
 description AIRTEL-BANG [192.168.10.2]
 ip address 192.168.10.1 255.255.255.252
!
ip local pool pool1 10.97.37.0 10.97.37.210
!
!
no ip http server
no ip http secure-server
!
ip access-list extended splitremote
 permit ip 10.97.0.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 3
line vty 4
 password cisco

The error is while connecting to router

"remote peer is no longer responding"

please check the above said configure and confirm the problem.

change the following

the address pool

do:

no ip local pool pool1 10.97.37.0 10.97.37.210

then

ip local pool pool1 192.168.1.1 192.168.1.110

now do the following

username vpnuser password vpn123

now when u configure cisco client vpn there is option to put the host IP which is outside router IP

and there is place to put group name and password

there where u put group name admin password admin123

then when u connect u will get a popup window ask you for username and password

put the one we have just created vpnuser and pass vpn123

u can create more users

u need to add the following in order to make the authentication and authorization

aaa new-model

aaa authentication login vpnclient local

aaa authorization network localgroups local

and the FINAL IMPORTANT thing is to APPLY the crypto vpn map to the interface u gonna connect to i will assume u the serial interface

interface Serial0

crypto map mymap

check it make sure all the comments are done properly then let me know

good luck

and if helpful rate
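An offline check for the three items listed in the reply above (client pool range, AAA lists, crypto map applied to an interface), run against a saved `show run`. This is an added example, not part of the original thread; the function name `check_vpn_config` and the trimmed `SAMPLE` config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a trimmed running-config in the shape posted in this thread.
SAMPLE = """\
aaa new-model
aaa authentication login vpnclient local
aaa authorization network localgroups local
crypto map mymap client authentication list vpnclient
crypto map mymap isakmp authorization list localgroup
crypto map mymap 1000 ipsec-isakmp dynamic dynmap
interface FastEthernet0
 ip address 10.97.37.212 255.255.255.0
interface Serial0
 ip address 192.168.10.1 255.255.255.252
ip local pool pool1 10.97.37.0 10.97.37.210
"""

def check_vpn_config(config):
    """Return findings for AAA list names, crypto map placement and pool range."""
    findings = []
    # AAA method lists actually defined, e.g. ("authorization", "localgroups")
    defined = set(re.findall(r"^aaa (authentication) login (\S+)", config, re.M))
    defined |= set(re.findall(r"^aaa (authorization) network (\S+)", config, re.M))
    # Every list a crypto map references must be defined under the same name
    for cmap, kind, name in re.findall(
            r"^crypto map (\S+) (?:client|isakmp) (authentication|authorization) list (\S+)", config, re.M):
        if (kind, name) not in defined:
            findings.append(f"crypto map {cmap}: aaa {kind} list '{name}' is not defined")
    # Walk interface blocks: collect connected subnets and applied crypto maps
    subnets, applied, iface = {}, set(), None
    for line in config.splitlines():
        if not line.startswith(" "):
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        elif iface:
            if m := re.match(r" ip address (\S+) (\S+)", line):
                subnets[iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            elif m := re.match(r" crypto map (\S+)", line):
                applied.add(m[1])
    maps = set(re.findall(r"^crypto map (\S+) \d+ ipsec-isakmp", config, re.M))
    for cmap in sorted(maps - applied):
        findings.append(f"crypto map {cmap} is not applied to any interface")
    # Flag a client pool drawn from a subnet that is already on an interface
    for pool, lo, hi in re.findall(r"^ip local pool (\S+) (\S+) (\S+)", config, re.M):
        for iface, net in subnets.items():
            if ipaddress.ip_address(lo) in net or ipaddress.ip_address(hi) in net:
                findings.append(f"pool {pool} overlaps {iface} subnet {net}")
    return findings
```

The parser relies on the one-space indentation IOS uses for sub-commands, so feed it the config text as the router prints it.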

it's not connecting and it shows in the router.

*Mar 3 05:31:27.633: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 10.97.37.83

reg,

can u post ur router config after the last change and tell me what u put on the vpn client

Hi,

Am using this setup for only testing VPN connection in my test lab. My local LAN IP network is 10.97.37.0/24 in the same LAN I connected one PC (IP 10.97.37.83) and installed VPN client software.

Am using for VPN client user name is admin and password is admin123.

I used pool1 10.97.37.1 10.97.37.210 network since am using the same.

Please go through my last change configuration.

AIRTEL-DELHI#sh run
Building configuration...

Current configuration : 1514 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AIRTEL-DELHI
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret xxx
enable password xxx
!
aaa new-model
!
!
aaa authentication login vpnclient local
aaa authorization network localgroups local
!
aaa session-id common
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
username manju password 0 cisco
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp keepalive 203
crypto isakmp client configuration group admin
 key admin123
 domain cisco.com
 pool pool1
 acl splitremote
!
!
crypto ipsec transform-set client esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set client
!
!
crypto map mymap client authentication list vpnclient
crypto map mymap isakmp authorization list localgroup
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0
 ip address 10.97.37.212 255.255.255.0
 speed auto
 crypto map mymap
!
interface Serial0
 description AIRTEL-BANG [192.168.10.2]
 ip address 192.168.10.1 255.255.255.252
!
ip local pool pool1 10.97.37.1 10.97.37.210
!
!
no ip http server
no ip http secure-server
!
ip access-list extended splitremote
 permit ip 10.97.37.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 3
line vty 4
 password cisco
!
end

the config looks ok now

but as i told u

on the client vpn software there is group name and password

put the group name as admin and password as admin 123

once the phase one of the vpn setup done u will be prompted to enter username and password in this stage use one of the username and password u created such as

manju and pass cisco

good luck

please, if helpful rate

and let me know if worked or not

Hi,

Thanks for your support...there was a command in my router "multilink bundle-name authenticated" due to that it's not working, after removing the same it's working fine now....

Bye

cool i am glad it's working now :)
