cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
336
Views
0
Helpful
2
Replies

accept VPN client on Cisco 1841 with site-to-site to Cisco 501

rmaltais100
Level 1
Level 1

I have a site-to-site with Cisco1841 on my head office. 1841 connect to Pix501 at Branch1. I want to accept VPN client with a soft on my 1841. Is it possible on the same interface ???

Thanks

1 Accepted Solution

Accepted Solutions

jackko
Level 7
Level 7

no doubt this is supported.

below are the codes for configuring both lan-lan vpn and remote vpn access on a router:

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp key xxxxxxxx address no-xauth

crypto isakmp client configuration group vpngroup

key xxxxxxxx

pool vpnpool

acl 130

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10

set transform-set vpnset

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap

crypto map vpnmap 20 ipsec-isakmp

set peer

set transform-set superset

match address 140

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

interface Dialer0

ip address

ip nat outside

crypto map vpnmap

ip local pool vpnpool 10.1.1.1 10.1.1.10

ip nat inside source route-map nonat interface Dialer0 overload

access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

route-map nonat permit 10

match ip address 101

View solution in original post

2 Replies 2

jackko
Level 7
Level 7

no doubt this is supported.

below are the codes for configuring both lan-lan vpn and remote vpn access on a router:

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp key xxxxxxxx address no-xauth

crypto isakmp client configuration group vpngroup

key xxxxxxxx

pool vpnpool

acl 130

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10

set transform-set vpnset

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap

crypto map vpnmap 20 ipsec-isakmp

set peer

set transform-set superset

match address 140

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

interface Dialer0

ip address

ip nat outside

crypto map vpnmap

ip local pool vpnpool 10.1.1.1 10.1.1.10

ip nat inside source route-map nonat interface Dialer0 overload

access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

route-map nonat permit 10

match ip address 101

Thank you for your assistance, it is really appreciated

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: