Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need help with configuring vpn client parameters on cisco 1941

Hey all,

I just bought a new 1941 router ISR and need help with configuring parameters for the VPN client. The commands look a little different on here as I am used to configuring ASA and PIX for vpn, not routers...

Can someone help with the commands?

I need to setup:

usernames, group authentication, etc

Thank yoU!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Need help with configuring vpn client parameters on cisco 19

Have a look a the below config examples - everything you need:-

http://www.cisco.com/en/US/products/ps5854/prod_configuration_examples_list.html

HTH>

Andrew.

3 REPLIES

Re: Need help with configuring vpn client parameters on cisco 19

Have a look a the below config examples - everything you need:-

http://www.cisco.com/en/US/products/ps5854/prod_configuration_examples_list.html

HTH>

Andrew.

Re: Need help with configuring vpn client parameters on cisco 19

Re: Need help with configuring vpn client parameters on cisco 19

crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!

crypto isakmp keepalive 3600 5
crypto isakmp nat keepalive 3600
crypto isakmp xauth timeout 60

!
crypto isakmp client configuration group vpn-client-group
key MySeCrEt
dns 10.1.1.1 10.1.1.2
domain mydomain.com
pool ippool
acl 108
include-local-lan
!
!
crypto ipsec transform-set AES-STRONG esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 20
set transform-set AES-STRONG
!
crypto map mycompany_vpn client authentication list userauthen
crypto map mycompany_vpn isakmp authorization list groupauthor
crypto map mycompany_vpn client configuration address initiate
crypto map mycompany_vpn client configuration address respond
crypto map mycompany_vpn 20 ipsec-isakmp dynamic dynmap

!
Apply the crpyto map to the interface. Make sure to make the interesting traffic ACL (108 above) and no NAT the traffic. Creat local user accounts with;

username vpn-mmessier secret [vpn password]

Check this link for more examples.

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html#anchor15

Hope it helps.

3592
Views
0
Helpful
3
Replies
CreatePlease login to create content