Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Setup VPN on 877

Hi,

I have a 877 Router with software version 12.4(15)T7. We have several users that want to VPN into site. Can you point me to a doc that explains how to setup the VPN on the 877 Router?

I have a telnet connection to the 877 and therefore, will need to perform work over CLI instead of SDM.

Thanks,

2 REPLIES

Re: Setup VPN on 877

New Member

Re: Setup VPN on 877

I've created the config. However, I get Invalid SPI size (PayloadNotify:116) error on vpn client.

here is config:

mhsrtr#sh runn

Building configuration...

Current configuration : 6198 bytes

!

! Last configuration change at 15:54:03 CDT Mon Apr 20 2009 by admin

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname mhsrtr

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

aaa new-model

!

!

aaa authentication login rtr-remote local

!

!

aaa session-id common

clock timezone CST -6

clock summer-time CDT recurring

!

crypto pki trustpoint TP-self-signed-2419240079

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2419240079

revocation-check none

rsakeypair TP-self-signed-2419240079

!

!

!

no ip domain lookup

ip domain name xxxx

ip name-server xxxx

ip name-server xxxx

!

multilink bundle-name authenticated

!

!

username admin privilege 15 secret 5 $1$C6Dr$kCtbvShoEGvolf4xnZzrx.

username xxxx password 0 xxxx

!

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

lifetime 480

!

crypto isakmp client configuration group rtr-remote

key xxxx

dns x.x.x.x

domain xxxx

!

crypto ipsec security-association lifetime seconds 86400

!

crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac

!

crypto ipsec client ezvpn ezvpnclient

connect auto

group ezvpnclient key xxxx

mode client

peer xxxx

xauth userid mode interactive

!

!

crypto dynamic-map dynmap 1

set transform-set vpn1

reverse-route

!

!

crypto map dynmap isakmp authorization list rtr-remote

crypto map dynmap client configuration address respond

!

crypto map static-map 1 ipsec-isakmp dynamic dynmap

!

archive

log config

hidekeys

!

!

!

!

!

interface ATM0

no ip address

ip virtual-reassembly

no atm ilmi-keepalive

dsl operating-mode auto

crypto ipsec client ezvpn ezvpnclient

!

interface ATM0.1 point-to-point

pvc 0/35

pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

!

interface FastEthernet1

crypto map static-map

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Dialer0

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

no cdp enable

ppp pap sent-username xxxx password 0 xxxx

!

ip local pool vpn_addr_pool 192.168.11.10 192.168.11.20

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

!

access-list 1 permit 192.0.0.0 0.255.255.255

dialer-list 1 protocol ip permit

no cdp run

!

!

!

!

control-plane

!

banner exec ^C

% Password expiration warning.

-----------------------------------------------------------------------

mhsrtr#

252
Views
0
Helpful
2
Replies