Configuring Cisco 871W as VPN-Server

Unanswered Question
Mar 2nd, 2006

Hi,

I'm just trying to configure a Cisco 871W as a VPN server for a couple of clients. The router is placed behind our default gateway and will have a fixed IP.

1. Are there any sample configs (IOS 12.3(8)Y3) available to try out and study?

2. I need a basic configuration to get SSH access to the router from the internet. At the moment I am trying to set the WAN interface as public (with the public IP) and vlan1 as private -> it doesn't work properly yet. :( Are there any standards to follow, or is this just the way of choice?

Kind regards, martin

martin.loose Sat, 03/04/2006 - 03:23

Thanks for your advice :)

I'm downloading the manuals atm and will try them out as soon as I'm back in the office.

jackko Sat, 03/04/2006 - 05:45

please excuse me for following the entire conversation.


nonetheless, below are the sample codes for remote vpn:

    aaa new-model
    aaa authentication login vpnauthen local
    aaa authorization network vpnauthor local
    !
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 2
    !
    crypto isakmp client configuration group vpngroup
     key xxxxxxxx
     pool vpnpool
     acl 130
    !
    crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
    !
    crypto dynamic-map dynmap 10
     set transform-set vpnset
    !
    crypto map vpnmap client authentication list vpnauthen
    crypto map vpnmap isakmp authorization list vpnauthor
    crypto map vpnmap client configuration address respond
    crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
    !
    interface Ethernet0
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
    !
    interface Dialer0
     ip address
     ip nat outside
     crypto map vpnmap
    !
    ip local pool vpnpool 10.1.1.1 10.1.1.10
    ip nat inside source route-map nonat interface Dialer0 overload
    !
    access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
    !
    route-map nonat permit 10
     match ip address 101



below are the sample codes for ssh:

    hostname router
    ip domain-name yourcompany.com
    !
    ! enter 1024 when prompted for the modulus size
    crypto key generate rsa
    1024
    !
    line vty 0 4
     transport input telnet ssh
    !
    username cisco password cisco123
    !
    aaa new-model
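
An added example, not part of jackko's post or any Cisco tooling: a small Python check that scans an IOS configuration for the legacy settings visible in the samples above (3DES, HMAC-MD5, DH group 2, telnet on the VTY lines, `username ... password`). The rule list, rule ids and sample input are constructed for illustration.

```python
import re

# Constructed sample input: lines copied from the two configs posted above.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
line vty 0 4
 transport input telnet ssh
username cisco password cisco123
"""

# Words that open a new top-level section, so a flat (unindented) paste also works.
TOP_LEVEL = {"crypto", "interface", "line", "username", "ip",
             "access-list", "route-map", "aaa", "hostname"}

# (hypothetical rule id, required section prefix, regex on the stripped line, finding)
RULES = [
    ("ike-cipher", "crypto isakmp policy", r"encr(yption)? (des|3des)\b",
     "IKE policy negotiates DES/3DES; prefer AES"),
    ("ike-dh", "crypto isakmp policy", r"group [12]$",
     "DH group 1 or 2 (768/1024-bit MODP); use a larger group"),
    ("esp-transform", "", r"crypto ipsec transform-set .*\besp-(des|3des|md5-hmac)\b",
     "transform set uses DES/3DES or HMAC-MD5; prefer AES with a SHA HMAC"),
    ("vty-telnet", "line vty", r"transport input .*\b(telnet|all)\b",
     "VTY lines accept cleartext telnet; allow ssh only"),
    ("user-password", "", r"username \S+ (privilege \d+ )?password\b",
     "'password' is kept in cleartext or reversible type 7; use 'secret'"),
]

def audit(config):
    """Return (line number, rule id, finding) for each weak setting found."""
    findings, section = [], ""
    for num, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace() and line.split()[0] in TOP_LEVEL:
            section = line  # remember which block the sub-commands belong to
        for rule_id, scope, pattern, text in RULES:
            if section.startswith(scope) and re.match(pattern, line):
                findings.append((num, rule_id, text))
    return findings

if __name__ == "__main__":
    for num, rule_id, text in audit(SAMPLE_CONFIG):
        print(f"line {num}: [{rule_id}] {text}")
```
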

