Re: Simple VPN Setup - 515e ?

PE-PatInBC · ‎10-10-2005

I am searching to find how to setup Client VPN access to my PIX. I have read a bunch of different VPN related posts but can't seem to quite find a reference that clearly points out the basics.

What is the easiest way to configure VPN access for a handful of VPN users ? Is there a good basic resource available ?

jackko · ‎10-10-2005

have a read of this doc:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

Patrick Iseli · ‎10-11-2005

Here is an example config without AAA Authentication and local user authentification.

Example config:

access-list NONAT permit ip Internalnet ISubnet VPN-Pool 255.255.255.0

access-list DYN-VPN-ACL permit ip Internalnet ISubnet VPN-Pool 255.255.255.0

aaa-server LOCAL protocol local

aaa authentication secure-http-client

sysopt connection permit-ipsec

crypto ipsec transform-set TRANS esp-3des esp-md5-hmac

crypto dynamic-map outside_dyn_map 20 match address DYN-VPN-ACL

crypto dynamic-map outside_dyn_map 20 set transform-set TRANS

crypto map REMOTE 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map REMOTE client authentication LOCAL

crypto map REMOTE interface outside

isakmp enable outside

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

ip local pool VPNPool x.y.z.1-x.y.z.254

vpngroup VPNGroup address-pool VPNPool

vpngroup VPNGroup dns-server dns2 dns1

vpngroup VPNGroup default-domain localdomain

vpngroup VPNGroup idle-time 1800

vpngroup VPNGroup password grouppassword

username vpnclient password vpnclient-password