Need help with configuring vpn client parameters on cisco 1941

Answered Question
Apr 9th, 2010
User Badges:

Hey all,


I just bought a new 1941 router ISR and need help with configuring parameters for the VPN client. The commands look a little different on here as I am used to configuring ASA and PIX for vpn, not routers...


Can someone help with the commands?


I need to setup:

usernames, group authentication, etc


Thank yoU!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Collin Clark Fri, 04/09/2010 - 08:02
User Badges:
  • Purple, 4500 points or more

crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!


crypto isakmp keepalive 3600 5
crypto isakmp nat keepalive 3600
crypto isakmp xauth timeout 60


!
crypto isakmp client configuration group vpn-client-group
key MySeCrEt
dns 10.1.1.1 10.1.1.2
domain mydomain.com
pool ippool
acl 108
include-local-lan
!
!
crypto ipsec transform-set AES-STRONG esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 20
set transform-set AES-STRONG
!
crypto map mycompany_vpn client authentication list userauthen
crypto map mycompany_vpn isakmp authorization list groupauthor
crypto map mycompany_vpn client configuration address initiate
crypto map mycompany_vpn client configuration address respond
crypto map mycompany_vpn 20 ipsec-isakmp dynamic dynmap

!
Apply the crpyto map to the interface. Make sure to make the interesting traffic ACL (108 above) and no NAT the traffic. Creat local user accounts with;


username vpn-mmessier secret [vpn password]


Check this link for more examples.

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor15


Hope it helps.

Actions

This Discussion