Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
259
Views
0
Helpful
2
Replies

ISDN router clients to VPN

mljevakovic
Level 3
Level 3

‎10-06-2003 11:38 PM - edited ‎02-21-2020 12:48 PM

This is a config on 2611XM. I accept dial-up clients with Cisco VPN client on their PCs; also I accept remote sites in site-to-site VPN configuration. What I have to do (on my side – router 2611) that I can accept clients, which use Cisco ISDN router (like as 804) on their side?

-------

Cisco2611XM#show run

Building configuration...

Current configuration : 3844 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Cisco2611XM

!

enable secret 5 xxxxxxxxxxxxx

enable password xxxxx

!

username xxxx password 0 xxxxxx

aaa new-model

!

!

aaa authentication login userauthen local

aaa authorization network groupauthor local

aaa session-id common

ip subnet-zero

!

!

!

ip audit notify log

ip audit po max-events 100

!

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

!

crypto isakmp policy 5

hash md5

authentication pre-share

crypto isakmp key xxxxxx address xxx.xxx.xxx.xxx no-xauth

crypto isakmp key xxxxxx address xxx.xxx.xxx.xxx no-xauth

crypto isakmp key xxxxxx address xxx.xxx.xxx.xxx no-xauth

!

crypto isakmp client configuration group xxxxx

key xxxxxx

dns 192.168.1.100

domain company.com

pool ippool

!

!

crypto ipsec transform-set myset esp-3des esp-sha-hmac

crypto ipsec transform-set myset1 esp-des esp-md5-hmac

crypto ipsec transform-set myset2 esp-des esp-md5-hmac

mode transport

crypto ipsec transform-set myset3 esp-des esp-md5-hmac

mode transport

!

crypto dynamic-map dynmap 10

set transform-set myset

!

!

crypto map clientmap client authentication list userauthen

crypto map clientmap isakmp authorization list groupauthor

crypto map clientmap client configuration address respond

crypto map clientmap 5 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set myset1

match address 115

crypto map clientmap 6 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set myset2

match address 116

crypto map clientmap 7 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set myset3

match address 117

crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!

!

!

!

!

!

!

!

!

!

!

!

mta receive maximum-recipients 0

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip nat inside

no ip mroute-cache

speed auto

half-duplex

!

interface FastEthernet0/1

ip address xxx.xxx.xxx.xxx 255.255.255.252

ip nat outside

no ip mroute-cache

duplex auto

speed auto

crypto map clientmap

!

ip local pool ippool 192.168.200.1 192.168.200.254

ip nat inside source route-map nonat interface FastEthernet0/1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx

ip route xxx.xxx.xxx.xxx 255.255.192.0 192.168.1.101

ip route 192.168.0.0 255.255.255.0 xxx.xxx.xxx.xxx

ip route 192.168.10.0 255.255.255.0 xxx.xxx.xxx.xxx

ip route xxx.xxx.xxx.xxx 255.255.255.0 xxx.xxx.xxx.xxx

ip http server

!

!

ip access-list extended addr-pool

ip access-list extended default-domain

ip access-list extended dns-servers

ip access-list extended idletime

ip access-list extended inacl

ip access-list extended key-exchange

ip access-list extended protocol

ip access-list extended service

ip access-list extended timeout

ip access-list extended tunnel-password

!

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.0.255

access-list 101 deny ip 192.168.1.0 0.0.0.255 xxx.xxx.xxx.xxx

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255

access-list 115 permit ip xxx.xxx.xxx.xxx 0.0.31.255 192.168.0.0 0.0.0.255

access-list 116 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

access-list 116 permit ip xxx.xxx.xxx.xxx 0.0.31.255 192.168.10.0 0.0.0.255

access-list 117 permit ip 192.168.1.0 0.0.0.255 xxx.xxx.xxx.xxx 0.0.0.255

access-list 117 permit ip xxx.xxx.xxx.xxx 0.0.31.255 xxx.xxx.xxx.xxx 0.0.0.255

!

route-map nonat permit 10

match ip address 101

!

radius-server authorization permit missing Service-Type

call rsvp-sync

!

!

mgcp profile default

!

!

!

dial-peer cor custom

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

password xxxxxx

!

!

end

Labels:
0 Helpful
2 Replies 2

sirpa_k
Level 1
Level 1

‎10-14-2003 09:11 AM

No specific config requiered on 2611, it accepts calls by default.

0 Helpful

mljevakovic
Level 3
Level 3
In response to sirpa_k

‎10-16-2003 12:26 AM

how do I have to configure Cisco 804 that I can access cisco 2611xm in regarding the configuration on it?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents