01-18-2006 03:43 AM - edited 03-03-2019 01:29 AM
Can anyone give me a quick config example for this? I want to set all the passwords etc. in my router!!
thanks
Carlos
01-18-2006 03:53 AM
Hi
Config sample from CCO..
!--- Enable AAA for user authentication
!--- and group authorization.
aaa new-model
!
!
!--- In order to enable X-Auth for user authentication,
!--- enable the aaa authentication commands.
aaa authentication login userauthen local
!--- In order to enable group authorization, enable
!--- the aaa authorization commands.
aaa authorization network groupauthor local
aaa session-id common
!
!--- For local authentication of the IPSec user,
!--- create the user with a password.
username xxx password xxx
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
!--- Create an Internet Security Association and
!--- Key Management Protocol (ISAKMP)
!--- policy for Phase 1 negotiations for the VPN 3.x Clients.
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
!--- Create a group that is used to
!--- specify the WINS, DNS servers' address
!--- to the client, along with the pre-shared
!--- key for authentication.
crypto isakmp client configuration group 3000client
 key cisco123
 dns 10.10.10.10
 wins 10.10.10.20
 domain cisco.com
 pool ippool
!
!
!--- Create the Phase 2 Policy for actual data encryption.
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
!--- Create a dynamic map and apply
!--- the transform set that was created earlier.
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
!--- Create the actual crypto map, and
!--- apply the AAA lists that were created
!--- earlier. Also create a new instance for your
!--- LAN-to-LAN tunnel. Specify the peer IP address,
!--- transform set, and an Access Control List (ACL) for this
!--- instance.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!--- Apply the crypto map on the outside interface.
interface Ethernet0/0
 ip address 172.18.124.159 255.255.255.0
 half-duplex
 crypto map clientmap
!
interface Ethernet0/1
 ip address 10.10.10.1 255.255.255.0
 no keepalive
 half-duplex
!
!
!--- Create a pool of addresses to be
!--- assigned to the VPN Clients.
ip local pool ippool 14.1.1.100 14.1.1.200
ip classless
ip route 0.0.0.0 0.0.0.0 172.18.124.1
!
regds
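An added example, not part of the original posts or of the CCO sample: a small Python check that walks a config like the one above and flags settings now treated as legacy (DES/3DES, MD5, DH groups 1 and 2) and secrets stored without `secret` or type 6 protection. The `audit` function and its rule names are hypothetical, and the sample input is constructed from lines of the posted config.

```python
# Constructed sample: crypto-relevant lines of the config posted above
# (sub-commands may be indented or not; both are handled).
SAMPLE = """\
username xxx password xxx
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group 3000client
key cisco123
pool ippool
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
"""

LEGACY_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}

def audit(config):
    """Return (line_no, rule) findings for legacy crypto and cleartext secrets."""
    findings, mode = [], None
    for no, raw in enumerate(config.splitlines(), 1):
        w = raw.split()
        if not w or w[0].startswith("!"):
            if w == ["!"]:
                mode = None              # a bare '!' ends the current sub-mode
            continue                     # '!---' comment lines are skipped
        if w[:3] == ["crypto", "isakmp", "policy"]:
            mode = "policy"
        elif w[:5] == ["crypto", "isakmp", "client", "configuration", "group"]:
            mode = "group"
        elif w[0] in ("crypto", "interface", "username", "ip", "aaa"):
            mode = None                  # another top-level command leaves the sub-mode
        if w[0] == "username" and "password" in w[2:]:
            findings.append((no, "username-password-not-secret"))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [(no, "legacy-transform:" + t) for t in w[4:] if t in LEGACY_TRANSFORMS]
        elif mode == "policy" and w[0] in ("encr", "encryption") and w[-1] in ("des", "3des"):
            findings.append((no, "legacy-ike-cipher:" + w[-1]))
        elif mode == "policy" and w[0] == "hash" and w[-1] == "md5":
            findings.append((no, "legacy-ike-hash:md5"))
        elif mode == "policy" and w[0] == "group" and w[-1] in ("1", "2"):
            findings.append((no, "weak-dh-group:" + w[-1]))   # 768/1024-bit MODP
        elif mode == "group" and w[0] == "key" and w[1:2] != ["6"]:
            findings.append((no, "cleartext-group-key"))      # not type 6 encrypted
    return findings

if __name__ == "__main__":
    for no, rule in audit(SAMPLE):
        print(f"line {no}: {rule}")
```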