configuration vpn example on cisco router 2611XM

maher · ‎04-10-2004

Hi there,

I'm still new on the VPN on cisco routers.I'm trying to establish point to point VPN connection.

My provider ask me to configure these type of configuration at my router and I dont know how to do it:

---begin-------------------------------

IKE Properties

Key Negotiation Enc Methods: 3DES

Hash Methods:MD5

Auth Methods:Pre-shared secret

Support Aggressive mode:(Y/N):No

Support Subnet(Y/N):Yes

Shared Secret:xxx

IKE Properties (Under Policy Editor)

Transform:Enccyption + Data integrity(ESP)

Enc Algorithm: 3DES

Data Intigrity: MD5

Allowed Peer Gateway:210.x.x.x

Use perfect forward secrecy(Y/N): No

IKE Phase I lifetime -> 86400s

Phase II Lifetime -> 3600s

DH Group ->Group 1

----end----------------------------------

Is there any example for me to follow?

Thanks in advance.

maher

ehirsel · ‎04-13-2004

The link here describes an example of configuring IPSec under IOS 12.1 code:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdipsec.htm#1001813

What version of the vpn client are you using, and what version of IOS will be unning on the router? I could help you better if I know the versions of both.

If you are using cisco vpn client v3 or higher, ios 12.2T and later supports it. Cisco vpn client v1.1 and 1.0 are supported under IOS 12.0 mainlaine and higher.

The issue with the vpn client is that because you most likely will have a different ip address every time you connect, the wildcard pre-share key config on the router (ios 12.0 mainline) needs to be set.

I hope this help, Ed Hirsel

maher · ‎04-13-2004

Hi there,

Thanks for the reply and link. I'm not sure whether I need to use the VPN client bacause my routers pre-loaded with IOS : c2600-i-mz.122-8.T5 which does not support IPSec, 3DES and other security features.

I try to get back to the ISP and will give following details asap.

thanks again.

maher