05-22-2014 12:09 PM
Would very much appreciate some assistance configuring client/server VPN on an 1841: Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(25g).
CISCO_1841#sho run
Building configuration...
Current configuration : 6155 bytes
!
! Last configuration change at 20:56:15 EDT Tue May 20 2014 by northnet
! NVRAM config last updated at 20:46:06 EDT Tue May 20 2014 by northnet
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec localtime
service password-encryption
!
hostname CISCO_1841
!
boot-start-marker
boot config flash:running-config
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $1$NQDK$tuRCWqVxH7tRsZdHSczUJ1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network default local
aaa authorization network groupauthor local
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.25
!
ip dhcp pool DATA
network 192.168.100.0 255.255.255.0
dns-server 75.75.75.75 8.8.8.8
default-router 192.168.100.1
!
ip dhcp pool WIRELESS
network 192.168.103.0 255.255.255.0
dns-server 75.75.75.75 8.8.8.8
default-router 192.168.103.1
!
ip dhcp pool CANON
host 192.168.100.5 255.255.255.0
client-identifier 0100.1e8f.39c0.c4
!
ip dhcp pool NETGEAR_AP
hardware-address 0018.4d49.7796
!
ip dhcp pool MONITOR
host 192.168.100.174 255.255.255.0
client-identifier 0100.2170.476e.10
!
ip dhcp pool VOIP
network 192.168.102.0 255.255.255.0
dns-server 75.75.75.75 8.8.8.8
default-router 192.168.102.1
!
ip dhcp pool SUT
network 192.168.101.0 255.255.255.0
dns-server 75.75.75.75 8.8.8.8
default-router 192.168.101.1
!
!
ip ddns update method no-ip
HTTP
add http://xxx:xxx@dynupdate.no-ip.com/nic/update?hostname=x.x.x&myip=x.x.x.x
interval maximum 0 4 0 0
!
!
async-bootp dns-server 8.8.8.8
!
crypto pki trustpoint TP-self-signed-2714623577
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2714623577
revocation-check none
rsakeypair TP-self-signed-2714623577
!
!
crypto pki certificate chain TP-self-signed-2714623577
certificate self-signed 01
30820257 308201C0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373134 36323335 3737301E 170D3134 30353138 32333530
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37313436
quit
username xxx secret 5 $1$ffKd$1jNa1UZmYz8x/wmHWowlh.
username xxx secret 5 $1$ePv7$ohkQUL0maM1RbPOMF/Sxg/
username xxx secret 5 $1$9Qku$fWUZUC68QFEp43q2fMwd31
username xxx privilege 15 password 7 0305550F140A36181B504E
username xxx privilege 15 secret 5 $1$eXR.$oGpc7tWWGlf0LwDX6NMag0
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnclient
key northnetvpn
dns 8.8.8.8
pool DATA
acl ACL_MATCH_LOCAL
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface FastEthernet0/0
ip ddns update hostname northshire.no-ip.biz
ip ddns update no-ip
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map clientmap
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.100
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.101
encapsulation dot1Q 101
ip address 192.168.101.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.102
encapsulation dot1Q 102
ip address 192.168.102.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1.103
encapsulation dot1Q 103
ip nat inside
ip virtual-reassembly
!
interface Serial0/0/0
no ip address
shutdown
!
no ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list ACL_MATCH_LOCAL interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.100.174 3389 interface FastEthernet0/0 3389
ip dns server
!
ip access-list extended ACL_MATCH_LOCAL
permit ip 192.168.0.0 0.0.255.255 any
permit ip 192.168.100.0 0.0.0.255 any
permit ip 192.168.102.0 0.0.0.255 any
permit ip 192.168.103.0 0.0.0.255 any
permit ip 192.168.101.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
line aux 0
transport input ssh
line vty 0 4
privilege level 15
transport input telnet ssh
transport output telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178996
ntp server 198.144.194.12 prefer
end
06-09-2014 06:41 AM
Anyone have any suggestions for me?