2800 Router need config example simple VPN local username DB

Unanswered Question

Hello,


I need a config example on how to setup VPN on a 2800 router using local usernames database and pre-shared key or whatever is the simplest.

Nothing special needed here.


All the examples are for special features like Radius authen.


I just want to use our Cisco VPN clients (4.7.00.0533) to connect to this remote 2800 router which has a 3G Sprint cellular outside interface NAT w/Overload.


Thanks.

hdashnau Wed, 02/10/2010 - 12:34

Keith,


This document might be a little bit more than you need (it assumes you also want to send the VPN client traffic over an existing VPN), but I picked it because it has a complete example of software based VPN client connection to a router using local authentication and it also shows you how to exempt the VPN client traffic from NAT:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a00809c7171.shtml#add


Some notes to make the document fit your scenario:

-Your NAT_Exempt ACL will just be sourced from your inside network (or any) going to the VPN pool. You don't need the L2L networks defined.

-You can skip step 3 entirely. You don't need to define any L2L information.

-Step 4, your ACL just needs to be sourced from your inside network to the VPN pool. You don't need the L2L networks defined.


-heather
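As an added illustration of the NAT exemption described in the notes above (example configuration, not from this thread or the linked Cisco document), here is the poster's current NAT statement next to an exempting version built from his own addresses. The ACL name NAT_Exempt is taken from the note; 192.168.2.0/24 is assumed as the subnet holding the VPNpool range.

```ios
! Added example; assumes the poster's values: inside LAN 192.168.1.0/24 on
! FastEthernet0/0, client pool 192.168.2.100-200, outside Cellular0/3/0.
!
! Current (weak) state: every LAN source is translated, including replies
! to connected VPN clients, so a reply is rewritten to the cellular address
! and the client cannot match it to the connection it opened.
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Cellular0/3/0 overload
!
! Corrected: an extended ACL whose deny entry exempts LAN-to-pool traffic.
! In a NAT ACL "deny" means "do not translate", not "drop".
ip access-list extended NAT_Exempt
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
! Swap the translation rule; clear existing entries so the old rule can go.
clear ip nat translation *
no ip nat inside source list 1 interface Cellular0/3/0 overload
ip nat inside source list NAT_Exempt interface Cellular0/3/0 overload
!
! Check: no translation entries should appear for pool addresses.
show ip nat translations | include 192.168.2.
```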

This document overwhelms me.


I only have one router in this particular situation.

Why would I need an ACL to disable NAT if there are no other branch office routers?


Let me try a different approach.


Below is my current config.

What am I missing?


Thanks.






Current configuration : 2977 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname "--Removed--"
!
boot-start-marker
boot-end-marker
!
enable secret "--Removed--"
enable password "--Removed--"
!
no aaa new-model
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.100 192.168.1.254
!
ip dhcp pool Ethernet_0_pool
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.254
   dns-server 206.228.179.10 144.228.254.10 144.228.255.10
!
!
ip domain name dyndns.org
ip name-server 206.228.179.10
ip ddns update method dyndnsdotorg
 HTTP
  add &myip=http://user:[email protected]/nic/update?system=dyndns&hostname=&myip=>
!
!
multilink bundle-name authenticated
!
chat-script cdma "" "ATDT#777"  TIMEOUT 60 "CONNECT"
password encryption aes
!
!
!
!
username user password "--Removed--"
archive
 log config
  hidekeys
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0/3/0
 ip dhcp client update dns
 ip ddns update hostname "--Removed--"
 ip ddns update dyndnsdotorg
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 0
 dialer string cdma
 dialer-group 1
 async mode interactive
 ppp chap password "--Removed--"
!
interface Async0/1/0
 no ip address
 encapsulation slip
!
ip local pool VPNpool 192.168.2.100 192.168.2.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Cellular0/3/0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Cellular0/3/0 overload
!
logging trap debugging
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 remark Nat Access-List
access-list 2 permit any
access-list 2 remark triggers Cellular0/3/0 to dial.
dialer-list 1 protocol ip list 2
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line 0/1/0
 password "--Removed--"
 login
 modem Dialin
 transport input all
 stopbits 1
 speed 115200
 flowcontrol hardware
line 0/3/0
 script dialer cdma
 no exec
 rxspeed 3100000
 txspeed 1800000
line vty 0 4
 login
!
scheduler allocate 20000 1000
ntp clock-period 17180000
ntp source Cellular0/3/0
ntp peer 129.6.15.28
!
end
