Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
262
Views
0
Helpful
1
Replies

Help with VPN on 1841 please

Mark
Level 1
Level 1

‎05-22-2014 12:09 PM

Would very much appreciate some assistance configuring client/server VPN on 1841 Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(25g)

CISCO_1841#sho run
Building configuration...

Current configuration : 6155 bytes
!
! Last configuration change at 20:56:15 EDT Tue May 20 2014 by northnet
! NVRAM config last updated at 20:46:06 EDT Tue May 20 2014 by northnet
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec localtime
service password-encryption
!
hostname CISCO_1841
!
boot-start-marker
boot config flash:running-config
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $1$NQDK$tuRCWqVxH7tRsZdHSczUJ1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network default local
aaa authorization network groupauthor local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.25
!
ip dhcp pool DATA
   network 192.168.100.0 255.255.255.0
   dns-server 75.75.75.75 8.8.8.8
   default-router 192.168.100.1
!
ip dhcp pool WIRELESS
   network 192.168.103.0 255.255.255.0
   dns-server 75.75.75.75 8.8.8.8
   default-router 192.168.103.1
!
ip dhcp pool CANON
   host 192.168.100.5 255.255.255.0
   client-identifier 0100.1e8f.39c0.c4
!
ip dhcp pool NETGEAR_AP
   hardware-address 0018.4d49.7796
!
ip dhcp pool MONITOR
   host 192.168.100.174 255.255.255.0
   client-identifier 0100.2170.476e.10
!
ip dhcp pool VOIP
   network 192.168.102.0 255.255.255.0
   dns-server 75.75.75.75 8.8.8.8
   default-router 192.168.102.1
!
ip dhcp pool SUT
   network 192.168.101.0 255.255.255.0
   dns-server 75.75.75.75 8.8.8.8
   default-router 192.168.101.1
!
!
ip ddns update method no-ip
 HTTP
  add http://xxx:xxx@dynupdate.no-ip.com/nic/update?hostname=x.x.x&myip=x.x.x.x
 interval maximum 0 4 0 0
!
!
async-bootp dns-server 8.8.8.8
!
crypto pki trustpoint TP-self-signed-2714623577
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2714623577
 revocation-check none
 rsakeypair TP-self-signed-2714623577
!
!
crypto pki certificate chain TP-self-signed-2714623577
 certificate self-signed 01
  30820257 308201C0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32373134 36323335 3737301E 170D3134 30353138 32333530
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37313436

  quit
username xxx secret 5 $1$ffKd$1jNa1UZmYz8x/wmHWowlh.
username xxx secret 5 $1$ePv7$ohkQUL0maM1RbPOMF/Sxg/
username xxx secret 5 $1$9Qku$fWUZUC68QFEp43q2fMwd31
username xxx privilege 15 password 7 0305550F140A36181B504E
username xxx privilege 15 secret 5 $1$eXR.$oGpc7tWWGlf0LwDX6NMag0
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpnclient
 key northnetvpn
 dns 8.8.8.8
 pool DATA
 acl ACL_MATCH_LOCAL
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
 ip ddns update hostname northshire.no-ip.biz
 ip ddns update no-ip
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 crypto map clientmap
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.100
 encapsulation dot1Q 100
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.101
 encapsulation dot1Q 101
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.102
 encapsulation dot1Q 102
 ip address 192.168.102.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.103
 encapsulation dot1Q 103
 ip nat inside
 ip virtual-reassembly
!
interface Serial0/0/0
 no ip address
 shutdown
!
no ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list ACL_MATCH_LOCAL interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.100.174 3389 interface FastEthernet0/0 3389
ip dns server
!
ip access-list extended ACL_MATCH_LOCAL
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 192.168.100.0 0.0.0.255 any
 permit ip 192.168.102.0 0.0.0.255 any
 permit ip 192.168.103.0 0.0.0.255 any
 permit ip 192.168.101.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
line aux 0
 transport input ssh
line vty 0 4
 privilege level 15
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178996
ntp server 198.144.194.12 prefer
end

Labels:
0 Helpful
1 Reply 1

Mark
Level 1
Level 1

‎06-09-2014 06:41 AM

Anyone have any suggestions for me?

0 Helpful
Customers Also Viewed These Support Documents