Ive followed every wizard in the CCP program to setup a simple VPN so I can access my work ne
twork from home and nothing works. I am lost and out of ideas.
Can anyone give me a simple walkthrough on setting one up? I just want to be able to setup a connection in windows that i can "connect" to from my home cable internet using a username/password that will allow me to access the network from home as if my computer was there at the office.
Do I need special software on the remote computer? Ive seen people connect to vpns just using windows vpn connection setup, i assume via IPSEC?
You can connect using the VPN client software from Cisco using IPsec.
Or you can connect using windows native VPN client (PPTP or L2TP).
Which protocol are you trying and we can send you a link.
I cant get any method to work, but i dont have any software from cisco for the VPN so lets assume windows native vpn connection.
Trying to find a nice clean document but I don't see.
Take a look at this discussion:
I dont really see any answer at all. What i really need is to know what i need to setup on the router to allow for the connection to work.
I already know how to use windows vpn native client, i just need to get the router to accept vpn connections.
This is more or less how the configuration on the router goes:
username l2tp-w2k password 0 ww
!--- This is the password for the Windows 2000 client.
!--- With AAA, the username and password can be offloaded to the external
!--- AAA server.
!--- Activates VPDN.
!--- This is the default L2TP VPDN group.
!--- This allows L2TP on this VPDN group.
!--- Use virtual-template 1 for the virtual-interface configuration.
no l2tp tunnel authentication
!--- The L2TP tunnel is not authenticated.
!--- Tunnel authentication is not needed because the client will be
!--- authenticated using PPP CHAP/PAP. Keep in mind that the client is the
!--- only user of the tunnel, so client authentication is sufficient.
interface loopback 0
ip address 220.127.116.11 255.255.255.255
ip address 18.104.22.168 255.255.255.0
ip router isis
!--- Virtual-Template interface specified in the vpdn-group configuration.
ip unnumbered Loopback0
peer default ip address pool pptp
!--- IP address for the client obtained from IP pool named pptp (defined below).
ppp authentication chap
ip local pool pptp 22.214.171.124 126.96.36.199
!--- This defines the "Internal" IP address pool (named pptp) for the client.
ip route 188.8.131.52 255.255.255.0 184.108.40.206
i tried what you gave me and nothing works. Can you explain your IP schemes? They dont make
sense. My IP pools as it stands for the Vlans i have are 10.10.10.1 and 10.10.20.1. And for example sake my outside IP is 192.168.
This link explains how to configure the router to accept IPsec VPN connections from a client:
The feature is called EzVPN server and you need the IPsec client installed on the client machine.
If you use the GUI, you should be able to configure the other VPN type (L2TP), I just don't seem to find a good link on the web for it.
The following assumes that FastEthernet 0/1 is NAT outside and 0/0 is NAT inside.
From global config mode: (just add theses lines to the ACL you already have on outside)
##Access list to permit IPSEC/ISAKMP packets.
ip access-list ex outside-interface-in
permit udp any host 192.168.1.1 eq isakmp
permit udp any host 192.168.1.1 eq non500-isakmp
permit ahp any host 192.168.1.1
permit esp any host 192.168.1.1
##Access list for split tunneling so that you can still access internet from your remote client while tunneled to work.
ip access-list ex SPLIT_TUNNEL
permit ip 10.10.10.0 0.0.0.255 any
permit ip 10.20.20.0 0.0.0.255 any
##Addresses assigned to remote access VPN clients.
ip local pool VPNPOOL 10.40.40.1 10.40.40.20
##If you already have login authentication and network authorization configured, just stick with what you have.
aaa authentication login LOCAL_AUTHEN local
aaa authorization network GROUP_AUTHOR local
username myvpnuser secret MYSECRETPASSWORD
int fa 0/1
ip access-group outside-interface-in in
crypto isakmp enable
crypto isakmp policy 10
encryption aes 256
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
crypto isakmp client configuration group MYVPNGROUP
wins 10.10.10.6 ##whatever they are.
crypto dynamic map MYDYNMAP 1
set transform-set MYSET
crypto map MYMAP client authentication list LOCAL_AUTHEN
crypto map MYMAP isakmp authroization list GROUP_AUTHOR
crypto map MYMAP client configuration address respond
crypto map MYMAP 10 ipsec-isakmp dynamic MYDYNMAP
crypto map MYMAP
I think that's pretty much it.
To set up the client, you need the group name (MYVPNGROUP), the outside address of your router, the key from the "crypto isakmp client" section, and your username and password. I highly recommend getting hold of the Cisco Easy VPN client, but this should work with the Windows client.