kmb
New Member

2800 Router need config example simple VPN local username DB

Hello,

I need a config example on how to setup VPN on a 2800 router using local usernames database and pre-shared key or whatever is the simplest.

Nothing special needed here.

All the examples are for special features like Radius authen.

I just want to use our Cisco VPN clients (4.7.00.0533) to connect to this remote 2800 router which has a 3G Sprint cellular outside interface NAT w/Overload.

Thanks.

2 REPLIES
Cisco Employee

Re: 2800 Router need config example simple VPN local username DB

Keith,

This document might be a little bit more than you need (it assumes you also want to send the VPN client traffic over an existing VPN), but I picked it because it has a complete example of software based VPN client connection to a router using local authentication and it also shows you how to exempt the VPN client traffic from NAT:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a00809c7171.shtml#add

Some notes to make the document fit your scenario:

-Your NAT_Exempt ACL will just be sourced from your inside network (or any) going to the VPN pool. You don't need the L2L networks defined.

-You can skip step 3 entirely. You don't need to define any L2L information.

-Step 4, your ACL just needs to be sourced from your inside network to the VPN pool. You don't need the L2L networks defined.

-heather

kmb
New Member

Re: 2800 Router need config example simple VPN local username DB

This document overwhelms me.

I only have one router in this particular situation.

Why would I need an ACL to disable NAT if there are no other branch office routers?

Let me try a different approach.

Below is my current config.

What am I missing?

Thanks.

Current configuration : 2977 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname "--Removed--"
!
boot-start-marker
boot-end-marker
!
enable secret "--Removed--"
enable password "--Removed--"
!
no aaa new-model
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.100 192.168.1.254
!
ip dhcp pool Ethernet_0_pool
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.254
   dns-server 206.228.179.10 144.228.254.10 144.228.255.10
!
!
ip domain name dyndns.org
ip name-server 206.228.179.10
ip ddns update method dyndnsdotorg
 HTTP
  add http://user:password@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
!
!
multilink bundle-name authenticated
!
chat-script cdma "" "ATDT#777"  TIMEOUT 60 "CONNECT"
password encryption aes
!
!
!
!
username user password "--Removed--"
archive
log config
  hidekeys
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0/3/0
ip dhcp client update dns
ip ddns update hostname "--Removed--"
ip ddns update dyndnsdotorg
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer idle-timeout 0
dialer string cdma
dialer-group 1
async mode interactive
ppp chap password "--Removed--"
!
interface Async0/1/0
no ip address
encapsulation slip
!
ip local pool VPNpool 192.168.2.100 192.168.2.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Cellular0/3/0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Cellular0/3/0 overload
!
logging trap debugging
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 remark Nat Access-List
access-list 2 permit any
access-list 2 remark triggers Cellular0/3/0 to dial.
dialer-list 1 protocol ip list 2
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line 0/1/0
password "--Removed--"
login
modem Dialin
transport input all
stopbits 1
speed 115200
flowcontrol hardware
line 0/3/0
script dialer cdma
no exec
rxspeed 3100000
txspeed 1800000
line vty 0 4
login
!
scheduler allocate 20000 1000
ntp clock-period 17180000
ntp source Cellular0/3/0
ntp peer 129.6.15.28
!
end
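Applying heather's notes to the posted config (XAUTH against the local username database, a group pre-shared key, and an ACL that exempts inside-to-pool traffic from the overload NAT), here is an added example of the pieces the posted config lacks; it is not from the thread or from the linked Cisco document. The names VPN-AUTH, VPN-GROUP, clientmap and ACL 101 and the key placeholder are assumptions; the pool, transform set, dynamic map, interface and subnets are the ones already in the post.

```cisco
! Added example, not from the thread. Reuses VPNpool, myset, dynmap, Cellular0/3/0
! and 192.168.1.0/24 from the posted config; VPN-AUTH, VPN-GROUP, clientmap,
! ACL 101 and the key string are assumed names / placeholders.
aaa new-model
aaa authentication login VPN-AUTH local
aaa authorization network VPN-GROUP local
!
! XAUTH user credentials come from the existing "username user ..." line
! in the posted config; no RADIUS server is involved.
!
! Group policy the VPN client selects by group name; "key" is the group
! pre-shared key the client is configured with.
crypto isakmp client configuration group VPN-GROUP
 key --group-psk-placeholder--
 dns 206.228.179.10
 pool VPNpool
!
! Existing dynamic map, plus reverse-route so the router routes return
! traffic for pool addresses back into the client tunnel.
crypto dynamic-map dynmap 10
 set transform-set myset
 reverse-route
!
! Crypto map tying XAUTH (VPN-AUTH), group authorization (VPN-GROUP) and
! address assignment to the dynamic map, then bound to the outside interface.
crypto map clientmap client authentication list VPN-AUTH
crypto map clientmap isakmp authorization list VPN-GROUP
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface Cellular0/3/0
 crypto map clientmap
!
! NAT exemption: deny LAN-to-pool traffic before it is overloaded onto the
! cellular address, otherwise replies to VPN clients leave NATed and never
! enter the tunnel. Replaces the "list 1" NAT statement in the posted config.
access-list 101 remark NAT exempt for the VPN pool, overload everything else
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no ip nat inside source list 1 interface Cellular0/3/0 overload
ip nat inside source list 101 interface Cellular0/3/0 overload
```

The exemption is needed even with a single router: there is no L2L entry, but LAN replies to 192.168.2.x clients must still bypass the overload NAT. The 3DES / DH group 2 policy is kept from the post to match the 4.7 client; on current IOS, AES and a stronger group are the expected choices.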
