Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to configure VPN server on IOS firewall with PPPoE?

I have a c2651xm running 12.4(1a) ADVENTERPRISEK9-M. It's configured as an IOS firewall with NAT inside and a PPPoE dialer on the outside. I would like to add VPN server on the outside interface so I can access the inside network remotely using Cisco VPN client. How do I do this?

Thanks!

2 REPLIES

Re: How to configure VPN server on IOS firewall with PPPoE?

hi

do refer this link for more info on configuring the same in your router ..

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

regds

New Member

Re: How to configure VPN server on IOS firewall with PPPoE?

Thanks for the link. I have the VPN configured in the following way:

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp xauth timeout 15

crypto isakmp client configuration group vpngroup

key somekey0

pool vpnpool0

max-users 5

netmask 255.255.255.0

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map vpn_dynmap 1

set transform-set ESP-3DES-SHA

reverse-route

crypto map vpn_access client authentication list vpn_authen

crypto map vpn_access isakmp authorization list vpn_author

crypto map vpn_access client configuration address respond

crypto map vpn_access 65535 ipsec-isakmp dynamic vpn_dynmap

interface Dialer0

crypto map vpn_access

ip nat inside source route-map route_map0 interface Dialer0 overload

ip local pool vpnpool0 172.16.0.1 172.16.0.5

aaa authentication login vpn_authen local

aaa authorization network vpn_author local

route-map route_map0 permit 1

match ip address 102

access-list 102 deny ip any host 172.16.0.1

access-list 102 deny ip any host 172.16.0.2

access-list 102 deny ip any host 172.16.0.3

access-list 102 deny ip any host 172.16.0.4

access-list 102 deny ip any host 172.16.0.5

access-list 102 permit ip 192.168.0.0 0.0.0.255 any

...but when I actually try to connect using VPN client on the remote end, it starts negotiating the handshake, then pops up a dialog box asking for the username and password - I'm not sure what credentials to use. I'd like to have it setup so that the group name and pre shared key are enough to authenticate. How can I do that?

Thank you!

394
Views
0
Helpful
2
Replies
CreatePlease login to create content