I've been trying for a while to set up my Cisco 877 router as a VPN server, in order to be able to access my network from the outside.
My goal is to use standard Windows (or Linux) VPN client software to connect, without the need for Cisco VPN Client. Is this possible at all? I'd think so, but I've been unable to make it work.
Also, although I have quite a bit of experience with Cisco routers/switches, I'm very confused by the whole crypto/isakmp thing; I've read tons of documentation and tried out some configurations, but I just don't seem to have grasped enough of it.
- As I said, I want to be able to connect from any client system which natively supports VPNs, without the need for the Cisco VPN Client.
- I want to use L2TP/IPSEC.
- I want to use a pre-shared key (no certificates, please).
- I want the router to assign internal IP addresses from a defined pool (no DHCP).
- I want to use the router's own authentication (no RADIUS).
- I want to be able to connect the same way from anywhere (no ACLs or custom VPN profiles based on peer address).
Some details about my configuration:
- IOS version is "(C870-ADVIPSERVICESK9-M), Version 15.0(1)M"
- The router has four Ethernet ports belonging to the default VLAN 1, where it has the IP address 192.168.42.1/24.
- The WAN interface is a PPP ADSL with a single (static but dynamically-assigned) public IP address; the external interface is Dialer0.
- The router does NAT for the internal network.
- The router is already using AAA, thus configured:
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
aaa authorization network default local
- There is a single local user with privilege level 15, let's call it "username"; it's ok for me to use the same one for VPN access.
I can post samples of the various configurations I tried, but I'm not quite sure what is correct and what is not about them, so I'm not posting them for now; I will, if asked.
Can someone please provide me a working configuration for this setup?