Need help with configuring vpn client parameters on cisco 1941

Answered Question
Apr 9th, 2010
User Badges:

Hey all,

I just bought a new 1941 router ISR and need help with configuring parameters for the VPN client. The commands look a little different on here as I am used to configuring ASA and PIX for vpn, not routers...

Can someone help with the commands?

I need to setup:

usernames, group authentication, etc

Thank yoU!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Collin Clark Fri, 04/09/2010 - 08:02
User Badges:
  • Purple, 4500 points or more

crypto isakmp policy 1
encr aes
authentication pre-share
group 2

crypto isakmp keepalive 3600 5
crypto isakmp nat keepalive 3600
crypto isakmp xauth timeout 60

crypto isakmp client configuration group vpn-client-group
key MySeCrEt
pool ippool
acl 108
crypto ipsec transform-set AES-STRONG esp-aes esp-sha-hmac
crypto dynamic-map dynmap 20
set transform-set AES-STRONG
crypto map mycompany_vpn client authentication list userauthen
crypto map mycompany_vpn isakmp authorization list groupauthor
crypto map mycompany_vpn client configuration address initiate
crypto map mycompany_vpn client configuration address respond
crypto map mycompany_vpn 20 ipsec-isakmp dynamic dynmap

Apply the crpyto map to the interface. Make sure to make the interesting traffic ACL (108 above) and no NAT the traffic. Creat local user accounts with;

username vpn-mmessier secret [vpn password]

Check this link for more examples.

Hope it helps.


This Discussion