03-19-2006 06:59 AM - edited 02-21-2020 02:19 PM
I have a site-to-site with Cisco1841 on my head office. 1841 connect to Pix501 at Branch1. I want to accept VPN client with a soft on my 1841. Is it possible on the same interface ???
Thanks
Solved! Go to Solution.
03-19-2006 02:24 PM
no doubt this is supported.
below are the codes for configuring both lan-lan vpn and remote vpn access on a router:
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxx address
crypto isakmp client configuration group vpngroup
key xxxxxxxx
pool vpnpool
acl 130
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
set transform-set vpnset
crypto map vpnmap client authentication list vpnauthen
crypto map vpnmap isakmp authorization list vpnauthor
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap 20 ipsec-isakmp
set peer
set transform-set superset
match address 140
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface Dialer0
ip address
ip nat outside
crypto map vpnmap
ip local pool vpnpool 10.1.1.1 10.1.1.10
ip nat inside source route-map nonat interface Dialer0 overload
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
route-map nonat permit 10
match ip address 101
03-19-2006 02:24 PM
no doubt this is supported.
below are the codes for configuring both lan-lan vpn and remote vpn access on a router:
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxx address
crypto isakmp client configuration group vpngroup
key xxxxxxxx
pool vpnpool
acl 130
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
set transform-set vpnset
crypto map vpnmap client authentication list vpnauthen
crypto map vpnmap isakmp authorization list vpnauthor
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
crypto map vpnmap 20 ipsec-isakmp
set peer
set transform-set superset
match address 140
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface Dialer0
ip address
ip nat outside
crypto map vpnmap
ip local pool vpnpool 10.1.1.1 10.1.1.10
ip nat inside source route-map nonat interface Dialer0 overload
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
route-map nonat permit 10
match ip address 101
03-19-2006 03:57 PM
Thank you for your assistance, it is really appreciated
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: