Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Configuring Cisco 871W as VPN-Server

Hi,

i've just trying to configure an Cisco 871W as VPN-Server for a couple of clients. The Router is placed behind our default gateway and will have a fix ip.

1. are there any sample configs (IOS 12.3(8)Y3) available to tryout and study ?

2. i need a basic configuration to get ssh-access to the router from the internet. At the moment i try to set the wan-interface as public (with the public ip) and vlan1 as private) -> it dowsn't work propperly yet. :( - are there any standards to follow or is this just the way of choice ?

kind regards, martin

4 REPLIES

Re: Configuring Cisco 871W as VPN-Server

Gold

Re: Configuring Cisco 871W as VPN-Server

New Member

Re: Configuring Cisco 871W as VPN-Server

thanks für your advice :)

i'm downloading the manuals atm and try them out just when i'm back in the office

Gold

Re: Configuring Cisco 871W as VPN-Server

please excuse me for following the entire conversation.

nonetheless, below are the sample codes for remote vpn:

aaa new-model

aaa authentication login vpnauthen local

aaa authorization network vpnauthor local

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration group vpngroup

key xxxxxxxx

pool vpnpool

acl 130

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10

set transform-set vpnset

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

interface Dialer0

ip address

ip nat outside

crypto map vpnmap

ip local pool vpnpool 10.1.1.1 10.1.1.10

ip nat inside source route-map nonat interface Dialer0 overload

access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

route-map nonat permit 10

match ip address 101

below are the sampel codes for ssh:

hostname router

ip domain-name yourcompany.com

crypto key generate rsa

1024

line vty 0 4

transport input telnet ssh

username cisco password cisco123

aaa new-model

240
Views
0
Helpful
4
Replies
CreatePlease to create content