Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4395
Views
0
Helpful
3
Replies

Need help with configuring vpn client parameters on cisco 1941

Go to solution
cisco_himg
Level 1
Level 1

‎04-09-2010 07:38 AM

Hey all,

I just bought a new 1941 router ISR and need help with configuring parameters for the VPN client. The commands look a little different on here as I am used to configuring ASA and PIX for vpn, not routers...

Can someone help with the commands?

I need to setup:

usernames, group authentication, etc

Thank yoU!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10

‎04-09-2010 07:55 AM

Have a look a the below config examples - everything you need:-

http://www.cisco.com/en/US/products/ps5854/prod_configuration_examples_list.html

HTH>

Andrew.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
andrew.prince
Level 10
Level 10

‎04-09-2010 07:55 AM

Have a look a the below config examples - everything you need:-

http://www.cisco.com/en/US/products/ps5854/prod_configuration_examples_list.html

HTH>

Andrew.

0 Helpful

Go to solution
Todd Pula
Level 7
Level 7

‎04-09-2010 08:01 AM

In addition to the above link, you can also find a specific config example at the link below.

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_easy_vpn_srvr_ps10591_TSD_Products_Configuration_Guide_Chapter.html#wp1519417

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎04-09-2010 08:02 AM

crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!

crypto isakmp keepalive 3600 5
crypto isakmp nat keepalive 3600
crypto isakmp xauth timeout 60

!
crypto isakmp client configuration group vpn-client-group
key MySeCrEt
dns 10.1.1.1 10.1.1.2
domain mydomain.com
pool ippool
acl 108
include-local-lan
!
!
crypto ipsec transform-set AES-STRONG esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 20
set transform-set AES-STRONG
!
crypto map mycompany_vpn client authentication list userauthen
crypto map mycompany_vpn isakmp authorization list groupauthor
crypto map mycompany_vpn client configuration address initiate
crypto map mycompany_vpn client configuration address respond
crypto map mycompany_vpn 20 ipsec-isakmp dynamic dynmap
!
Apply the crpyto map to the interface. Make sure to make the interesting traffic ACL (108 above) and no NAT the traffic. Creat local user accounts with;

username vpn-mmessier secret [vpn password]

Check this link for more examples.

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor15

Hope it helps.

0 Helpful
Customers Also Viewed These Support Documents