08-19-2008 10:12 PM - edited 03-03-2019 11:12 PM
Hi,
How do I configure VPN Client on a Cisco router? Please let me know a sample configuration.
Regards,
08-19-2008 10:22 PM
then check out this link:
http://www.cisco.com/en/US/products/hw/routers/ps221/prod_configuration_guide09186a008007cfa7.html
please, if helpful rate
08-19-2008 11:08 PM
Hi,
Can you please give a simple configuration for the VPN client? This would be more complicated.
It is just so two to three users can access.
Regards
08-20-2008 12:01 AM
RTRA(config)# aaa new-model
RTRA(config)# aaa authentication login vpnclient local
RTRA(config)# aaa authorization network localgroups local
RTRA(config)# username user1 secret user1
RTRA(config)# username user2 secret user2
RTRA(config)# username vpnuser secret 12345
RTRA(config)# crypto isakmp policy 10
RTRA(config-isakmp)# encryption aes 128
RTRA(config-isakmp)# hash sha
RTRA(config-isakmp)# authentication pre-share
RTRA(config-isakmp)# group 2
RTRA(config-isakmp)# exit
RTRA(config)# crypto isakmp keepalive 20 3
RTRA(config)# ip local pool pool1 192.168.0.200 192.168.0.219
RTRA(config)# ip access-list extended splitremote
RTRA(config-ext-nacl)# permit ip 192.168.0.0 0.0.0.255 any
RTRA(config-ext-nacl)# exit
RTRA(config)# crypto isakmp client configuration group admin
RTRA(config-isakmp-group)# key admin123
RTRA(config-isakmp-group)# pool pool1
RTRA(config-isakmp-group)# domain cisco.com
RTRA(config-isakmp-group)# acl splitremote
RTRA(config-isakmp-group)# exit
RTRA(config)# crypto ipsec transform-set clienttransform esp-aes esp-sha-hmac
RTRA(cfg-crypto-tran)# exit
RTRA(config)# crypto dynamic-map dynmap 10
RTRA(config-crypto-m)# set transform-set clienttransform
RTRA(config-crypto-m)# exit
RTRA(config)# crypto map mymap client authentication list vpnclient
RTRA(config)# crypto map mymap isakmp authorization list localgroups
RTRA(config)# crypto map mymap client configuration address respond
RTRA(config)# crypto map mymap 1000 ipsec-isakmp dynamic dynmap
RTRA(config)# interface Ethernet0/0
RTRA(config-if)# description Local LAN
RTRA(config-if)# ip address 192.168.0.1 255.255.255.0
Just change the IP addresses to your IPs.
If you need any more details, post them here.
If helpful, rate.
08-20-2008 01:49 AM
Hi,
When I try to connect the VPN Client, it shows the reason below.
Reason 414 failed to establish a TCP Connection
Username admin
password admin123
MY ROUTER CONFIGURATION
sh run
Building configuration...
Current configuration : 1405 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AIRTEL-DELHI
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
aaa new-model
!
!
aaa authentication login vpnclient local
!
!
aaa session-id common
ip cef
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
username manju secret 5 $1$mMhL$NYG27PsAEJ3vUB6CwoqGs.
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp keepalive 203
!
crypto isakmp client configuration group admin
key admin123
domain cisco.com
pool pool1
acl splitremote
!
!
crypto ipsec transform-set client esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set client
!
!
crypto map mymap client authentication list vpnclient
crypto map mymap isakmp authorization list localgroup
crypto map mymap client configuration address respond
crypto map mymap 1000 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0
ip address 10.97.37.212 255.255.255.0
speed auto
!
interface Serial0
description AIRTEL-BANG [192.168.10.2]
ip address 192.168.10.1 255.255.255.252
!
ip local pool pool1 10.97.37.0 10.97.37.210
!
!
no ip http server
no ip http secure-server
!
ip access-list extended splitremote
permit ip 10.97.0.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 3
line vty 4
password cisco
08-20-2008 03:11 AM
The error while connecting to the router is
"remote peer is no longer responding"
Please check the above configuration and confirm the problem.
08-20-2008 04:09 AM
Change the following:
the address pool.
Do:
no ip local pool pool1 10.97.37.0 10.97.37.210
then
ip local pool pool1 192.168.1.1 192.168.1.110
Now do the following:
username vpnuser password vpn123
Now, when you configure the Cisco VPN client, there is an option to put the host IP, which is the outside router IP,
and there is a place to put the group name and password.
There you put group name admin, password admin123.
Then when you connect you will get a popup window asking you for a username and password.
Put the one we have just created: vpnuser and pass vpn123.
You can create more users.
You need to add the following in order to make the authentication and authorization work:
aaa new-model
aaa authentication login vpnclient local
aaa authorization network localgroups local
And the FINAL IMPORTANT thing is to APPLY the crypto VPN map to the interface you are going to connect to. I will assume you use the serial interface:
interface Serial0
crypto map mymap
Check it, make sure all the commands are done properly, then let me know.
Good luck,
and if helpful, rate.
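Added example, not part of any post in this thread and not Cisco tooling: a small Python check that a remote-access VPN configuration of this shape defines every name it references (AAA lists, pool, ACL, transform set, dynamic map) and applies the crypto map to an interface, the points listed in the reply above. The sample config is constructed for illustration; the running-configs posted in this thread reference `localgroup` while the AAA list in the replies is named `localgroups`, which is the kind of mismatch it reports.

```python
import re

CHECKS = [  # (what, pattern that defines the name, pattern that references it)
    ("AAA login list", r"aaa authentication login (\S+)", r"crypto map \S+ client authentication list (\S+)"),
    ("AAA network authorization list", r"aaa authorization network (\S+)", r"crypto map \S+ isakmp authorization list (\S+)"),
    ("address pool", r"ip local pool (\S+)", r"pool (\S+)"),
    ("ACL", r"ip access-list extended (\S+)", r"acl (\S+)"),
    ("transform set", r"crypto ipsec transform-set (\S+)", r"set transform-set (\S+)"),
    ("dynamic map", r"crypto dynamic-map (\S+)", r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
]

# Constructed sample (not a real device): one misspelled list name, map never applied.
SAMPLE = """\
aaa authentication login vpnclient local
aaa authorization network localgroups local
ip local pool pool1 192.168.1.1 192.168.1.110
ip access-list extended splitremote
 permit ip 10.97.37.0 0.0.0.255 any
crypto isakmp client configuration group admin
 pool pool1
 acl splitremote
crypto ipsec transform-set client esp-aes esp-sha-hmac
crypto dynamic-map dynmap 10
 set transform-set client
crypto map mymap client authentication list vpnclient
crypto map mymap isakmp authorization list localgroup
crypto map mymap 10 ipsec-isakmp dynamic dynmap
interface Serial0
"""

def names(pattern, lines, whole=False):
    """Return the set of names captured by `pattern` across all lines."""
    matcher = re.fullmatch if whole else re.match
    return {m.group(1) for line in lines if (m := matcher(pattern, line))}

def lint(config):
    """Report names that are referenced but undefined, and unapplied crypto maps."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    for what, define, reference in CHECKS:
        for name in sorted(names(reference, lines) - names(define, lines)):
            findings.append(f"{what} '{name}' is referenced but not defined")
    maps = names(r"crypto map (\S+) \d+ ipsec-isakmp", lines)
    applied = names(r"crypto map (\S+)", lines, whole=True)  # bare form used under an interface
    for name in sorted(maps - applied):
        findings.append(f"crypto map '{name}' is not applied to any interface")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```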
08-20-2008 05:49 AM
It's not connecting, and it shows this on the router:
*Mar 3 05:31:27.633: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at 10.97.37.83
Regards,
08-20-2008 04:31 PM
Can you post your router config after the last change and tell me what you put in the VPN client?
08-20-2008 07:37 PM
Hi,
I am using this setup only for testing the VPN connection in my test lab. My local LAN IP network is 10.97.37.0/24; in the same LAN I connected one PC (IP 10.97.37.83) and installed the VPN client software.
For the VPN client I am using user name admin and password admin123.
I used pool1 10.97.37.1 10.97.37.210 since I am using the same network.
Please go through my configuration after the last change.
AIRTEL-DELHI#sh run
Building configuration...
Current configuration : 1514 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AIRTEL-DELHI
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret xxx
enable password xxx
!
aaa new-model
!
!
aaa authentication login vpnclient local
aaa authorization network localgroups local
!
aaa session-id common
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
username manju password 0 cisco
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp keepalive 203
crypto isakmp client configuration group admin
key admin123
domain cisco.com
pool pool1
acl splitremote
!
!
crypto ipsec transform-set client esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set client
!
!
crypto map mymap client authentication list vpnclient
crypto map mymap isakmp authorization list localgroup
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0
ip address 10.97.37.212 255.255.255.0
speed auto
crypto map mymap
!
interface Serial0
description AIRTEL-BANG [192.168.10.2]
ip address 192.168.10.1 255.255.255.252
!
ip local pool pool1 10.97.37.1 10.97.37.210
!
!
no ip http server
no ip http secure-server
!
ip access-list extended splitremote
permit ip 10.97.37.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 3
line vty 4
password cisco
!
end
08-20-2008 08:04 PM
The config looks OK now,
but as I told you,
on the VPN client software there is a group name and password.
Put the group name as admin and the password as admin 123.
Once phase one of the VPN setup is done you will be prompted to enter a username and password; at this stage use one of the usernames and passwords you created, such as
manju and pass cisco.
Good luck.
Please, if helpful, rate,
and let me know if it worked or not.
08-20-2008 09:52 PM
Hi,
Thanks for your support... There was a command in my router, "multilink bundle-name authenticated"; due to that it was not working. After removing it, it's working fine now.
Bye
08-20-2008 10:13 PM
Cool, I'm glad it's working now :)