Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
486
Views
0
Helpful
2
Replies

Setup VPN on 877

gadgroupllc
Level 1
Level 1

‎04-20-2009 09:32 AM

Hi,

I have a 877 Router with software version 12.4(15)T7. We have several users that want to VPN into site. Can you point me to a doc that explains how to setup the VPN on the 877 Router?

I have a telnet connection to the 877 and therefore, will need to perform work over CLI instead of SDM.

Thanks,

Labels:
0 Helpful
2 Replies 2

gadgroupllc
Level 1
Level 1
In response to andrew.prince

‎04-20-2009 01:09 PM

I've created the config. However, I get Invalid SPI size (PayloadNotify:116) error on vpn client.

here is config:

mhsrtr#sh runn

Building configuration...

Current configuration : 6198 bytes

!

! Last configuration change at 15:54:03 CDT Mon Apr 20 2009 by admin

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname mhsrtr

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

aaa new-model

!

!

aaa authentication login rtr-remote local

!

!

aaa session-id common

clock timezone CST -6

clock summer-time CDT recurring

!

crypto pki trustpoint TP-self-signed-2419240079

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2419240079

revocation-check none

rsakeypair TP-self-signed-2419240079

!

!

!

no ip domain lookup

ip domain name xxxx

ip name-server xxxx

ip name-server xxxx

!

multilink bundle-name authenticated

!

!

username admin privilege 15 secret 5 $1$C6Dr$kCtbvShoEGvolf4xnZzrx.

username xxxx password 0 xxxx

!

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

lifetime 480

!

crypto isakmp client configuration group rtr-remote

key xxxx

dns x.x.x.x

domain xxxx

!

crypto ipsec security-association lifetime seconds 86400

!

crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac

!

crypto ipsec client ezvpn ezvpnclient

connect auto

group ezvpnclient key xxxx

mode client

peer xxxx

xauth userid mode interactive

!

!

crypto dynamic-map dynmap 1

set transform-set vpn1

reverse-route

!

!

crypto map dynmap isakmp authorization list rtr-remote

crypto map dynmap client configuration address respond

!

crypto map static-map 1 ipsec-isakmp dynamic dynmap

!

archive

log config

hidekeys

!

!

!

!

!

interface ATM0

no ip address

ip virtual-reassembly

no atm ilmi-keepalive

dsl operating-mode auto

crypto ipsec client ezvpn ezvpnclient

!

interface ATM0.1 point-to-point

pvc 0/35

pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

!

interface FastEthernet1

crypto map static-map

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Dialer0

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

no cdp enable

ppp pap sent-username xxxx password 0 xxxx

!

ip local pool vpn_addr_pool 192.168.11.10 192.168.11.20

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

!

access-list 1 permit 192.0.0.0 0.255.255.255

dialer-list 1 protocol ip permit

no cdp run

!

!

!

!

control-plane

!

banner exec ^C

% Password expiration warning.

-----------------------------------------------------------------------

mhsrtr#

0 Helpful
Customers Also Viewed These Support Documents