accept VPN client on Cisco 1841 with site-to-site to Cisco 501

Answered Question
Mar 19th, 2006
User Badges:

I have a site-to-site with Cisco1841 on my head office. 1841 connect to Pix501 at Branch1. I want to accept VPN client with a soft on my 1841. Is it possible on the same interface ???


Thanks

Correct Answer by jackko about 11 years 5 months ago

no doubt this is supported.


below are the codes for configuring both lan-lan vpn and remote vpn access on a router:


crypto isakmp policy 10

encr 3des

authentication pre-share

group 2


crypto isakmp key xxxxxxxx address no-xauth


crypto isakmp client configuration group vpngroup

key xxxxxxxx

pool vpnpool

acl 130


crypto ipsec transform-set vpnset esp-3des esp-md5-hmac


crypto dynamic-map dynmap 10

set transform-set vpnset

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap


crypto map vpnmap 20 ipsec-isakmp

set peer

set transform-set superset

match address 140


interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside


interface Dialer0

ip address

ip nat outside

crypto map vpnmap


ip local pool vpnpool 10.1.1.1 10.1.1.10

ip nat inside source route-map nonat interface Dialer0 overload


access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255


route-map nonat permit 10

match ip address 101

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
jackko Sun, 03/19/2006 - 14:24
User Badges:
  • Gold, 750 points or more

no doubt this is supported.


below are the codes for configuring both lan-lan vpn and remote vpn access on a router:


crypto isakmp policy 10

encr 3des

authentication pre-share

group 2


crypto isakmp key xxxxxxxx address no-xauth


crypto isakmp client configuration group vpngroup

key xxxxxxxx

pool vpnpool

acl 130


crypto ipsec transform-set vpnset esp-3des esp-md5-hmac


crypto dynamic-map dynmap 10

set transform-set vpnset

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap


crypto map vpnmap 20 ipsec-isakmp

set peer

set transform-set superset

match address 140


interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside


interface Dialer0

ip address

ip nat outside

crypto map vpnmap


ip local pool vpnpool 10.1.1.1 10.1.1.10

ip nat inside source route-map nonat interface Dialer0 overload


access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255


route-map nonat permit 10

match ip address 101

rmaltais100 Sun, 03/19/2006 - 15:57
User Badges:

Thank you for your assistance, it is really appreciated

Actions

This Discussion