
cisco 1700 router and vpn client

carl_townshend
Spotlight

Can anyone give me a quick config example for this? I want to set all the passwords etc. in my router!!

Thanks

Carlos

1 Reply

spremkumar
Level 9

Hi

Config sample from CCO..

```
!--- Enable AAA for user authentication
!--- and group authorization.
aaa new-model
!
!
!--- In order to enable X-Auth for user authentication,
!--- enable the aaa authentication commands.
aaa authentication login userauthen local
!--- In order to enable group authorization, enable
!--- the aaa authorization commands.
aaa authorization network groupauthor local
aaa session-id common
!
!--- For local authentication of the IPSec user,
!--- create the user with a password.
username xxx password xxx
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!--- Create an Internet Security Association and
!--- Key Management Protocol (ISAKMP)
!--- policy for Phase 1 negotiations for the VPN 3.x Clients.
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
!--- Create a group that is used to
!--- specify the WINS, DNS servers' address
!--- to the client, along with the pre-shared
!--- key for authentication.
crypto isakmp client configuration group 3000client
 key cisco123
 dns 10.10.10.10
 wins 10.10.10.20
 domain cisco.com
 pool ippool
!
!
!--- Create the Phase 2 Policy for actual data encryption.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
!--- Create a dynamic map and apply
!--- the transform set that was created earlier.
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
!--- Create the actual crypto map, and
!--- apply the AAA lists that were created
!--- earlier. Also create a new instance for your
!--- LAN-to-LAN tunnel. Specify the peer IP address,
!--- transform set, and an Access Control List (ACL) for this
!--- instance.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!--- Apply the crypto map on the outside interface.
interface Ethernet0/0
 ip address 172.18.124.159 255.255.255.0
 half-duplex
 crypto map clientmap
!
interface Ethernet0/1
 ip address 10.10.10.1 255.255.255.0
 no keepalive
 half-duplex
!
!
!--- Create a pool of addresses to be
!--- assigned to the VPN Clients.
ip local pool ippool 14.1.1.100 14.1.1.200
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.124.1
!
```

Regards
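An added example, not part of the reply or of Cisco's sample: a small Python check that walks an IOS config like the one above and lists the settings worth reviewing before it goes on a live router (3DES, MD5 HMAC, DH group 2, a `password`-type local user, and the sample group key `cisco123`). It assumes sub-commands are indented as `show running-config` prints them; the function names and the embedded config excerpt are constructed for illustration.

```python
import re

# Constructed excerpt of the config above; sub-commands indented as IOS prints them.
SAMPLE = """\
username xxx password xxx
crypto isakmp policy 3
 encr 3des
 group 2
crypto isakmp client configuration group 3000client
 key cisco123
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
"""
LEGACY_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
SAMPLE_KEYS = {"cisco123"}  # the placeholder group key shown in the config above

def sections(text):
    """Group an IOS config into (top-level command, [indented sub-commands])."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and '!' separators/comments
        if raw[0].isspace() and out:
            out[-1][1].append(line)
        else:
            out.append((line, []))
    return out

def audit(text):
    """Return (config item, reason) pairs for settings worth reviewing."""
    hits = []
    for parent, subs in sections(text):
        if re.match(r"username \S+ password\b", parent):
            hits.append((parent, "password kept cleartext or reversible type 7"))
        elif parent.startswith("crypto isakmp policy"):
            for s in subs:
                if re.fullmatch(r"encr\S* (des|3des)", s):
                    hits.append((s, "legacy Phase 1 cipher"))
                elif s in ("group 1", "group 2"):
                    hits.append((s, "DH group of 1024 bits or less"))
        elif parent.startswith("crypto isakmp client configuration group"):
            for s in subs:
                if s.startswith("key ") and s.split()[-1] in SAMPLE_KEYS:
                    hits.append((s, "documentation sample pre-shared key"))
        elif parent.startswith("crypto ipsec transform-set"):
            hits += [(t, "legacy Phase 2 transform")
                     for t in parent.split()[4:] if t in LEGACY_TRANSFORMS]
    return hits
```

Call `audit()` on the text of a saved running config; an empty list means none of these checks fired.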