Need help with configuring vpn client parameters on cisco 1941

Answered Question
Apr 9th, 2010

Hey all,

I just bought a new 1941 router ISR and need help with configuring parameters for the VPN client. The commands look a little different on here as I am used to configuring ASA and PIX for vpn, not routers...

Can someone help with the commands?

I need to setup:

usernames, group authentication, etc

Thank yoU!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Collin Clark Fri, 04/09/2010 - 08:02

crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!

crypto isakmp keepalive 3600 5
crypto isakmp nat keepalive 3600
crypto isakmp xauth timeout 60

!
crypto isakmp client configuration group vpn-client-group
key MySeCrEt
dns 10.1.1.1 10.1.1.2
domain mydomain.com
pool ippool
acl 108
include-local-lan
!
!
crypto ipsec transform-set AES-STRONG esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 20
set transform-set AES-STRONG
!
crypto map mycompany_vpn client authentication list userauthen
crypto map mycompany_vpn isakmp authorization list groupauthor
crypto map mycompany_vpn client configuration address initiate
crypto map mycompany_vpn client configuration address respond
crypto map mycompany_vpn 20 ipsec-isakmp dynamic dynmap

!
Apply the crpyto map to the interface. Make sure to make the interesting traffic ACL (108 above) and no NAT the traffic. Creat local user accounts with;

username vpn-mmessier secret [vpn password]

Check this link for more examples.

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor15

Hope it helps.

Actions

This Discussion