Hello, I would like to know if anyone can give me a quick and dirty explanation of a dynamic vpn config using a pre-shared key. The way I see it I must: 1) set an isakmp policy, 2) set isakmp key and address, 3) set isakmp client config 4) set transfer set, 5) specify dynamic crypto map template, 6) apply config changes to outside interface........
Can some one correct the errors in my methodology??
You approach is the same. But actual implementation really depends on the VPN paltform that you are using. The configuration will be different if you are configuring an IOS router or a pix Firewall for the client VPN tunnels
Thanks for the prompt reply. I am attempting this config on a 1720 - so an IOS router. I am assuming that as the first link you provided states, I do not "absolutely" need to name the group as stated in the link - or specify the same password?? Ditto for the user "cisco" with password "cisco"??
Also, my router's running config does not contain the directive "aaa authorization network groupauthor local" to use the local database to allow users to access network services. Is this absolutely required?
I can supply my run config for a more detailed analysis.
Thank you for the help. Results of my foray follow.
I added the vpn directives outlined in the first link you sent me but the dynamic vpn did not function and the static vpn we have went down. It seems that we can only apply one cryptomap to an interface.
I am including the cmds I input and debug results.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...