VPN on a 1760

 
 
Jaime
      12-14-2004
I use the following config on a 1760 router to support Cisco VPN clients.

What should I do to support also Microsoft VPN clients ?

Thanks

!
username ***** password 0 *****
aaa new-model
!
!
aaa authentication login VPNAUTHEN local
aaa authorization network VPNAUTHOR local
aaa session-id common
ip subnet-zero
!
ip cef
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group TECDES
 key 0 *****
 dns 192.168.28.100
 pool TECDES
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto dynamic-map VPNCLIENT 10
 set transform-set vpn
 reverse-route
!
crypto map tunel_ep client authentication list VPNAUTHEN
crypto map tunel_ep isakmp authorization list VPNAUTHOR
crypto map tunel_ep client configuration address respond
!
crypto map tunel_ep 30 ipsec-isakmp dynamic VPNCLIENT
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$
 ip address ***.***.***.* 255.255.255.248
 no ip redirects
 no ip proxy-arp
 speed 100
 full-duplex
 no cdp enable
 crypto map tunel_ep
!
ip local pool TECDES 192.168.56.1 192.168.56.254
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.x
ip route 172.16.89.0 255.255.255.0 xxx.xxx.xxx.x
ip route 192.168.28.0 255.255.255.0 xxx.xxx.xxx.x
ip route 192.168.101.0 255.255.255.0 xxx.Xxx.Xxx.x
ip route xxx.xxx.xx.x 255.255.255.255 Xxx.xxx.Xxx.x
no ip http server
no ip http secure-server
!
 
Walter Roberson
      12-14-2004
In article <(E-Mail Removed) >,
Jaime <(E-Mail Removed)> wrote:
:I use the following config on a 1760 router to support Cisco VPN clients.

:What should I do to support also Microsoft VPN clients ?

If I recall correctly, XP supports IPSec, so you wouldn't have to do
anything extra for XP.

For previous versions, you would need to configure vpdn for PPTP.
If you search cisco's web site, there should be some good example
configurations of configuring PPTP.
--
If a troll and a half can hook a reader and a half in a posting and a half,
how many readers can six trolls hook in six postings?
 
Phillip Remaker
      12-14-2004

"Jaime" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I use the following config on a 1760 router to support Cisco VPN clients.
>
> What should I do to support also Microsoft VPN clients ?


Which kind? L2TP or PPTP?

If you are doing roaming users (as opposed to fixed) PPTP is better.

A fellow did a great writeup at
http://my.execpc.com/~keithp/pptp.htm

Punchline:

(3DES S/W required)

Copied from above website

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
scheduler max-task-time 5000
!
no ip http server
no ip domain lookup
!
ip subnet-zero
ip classless
!
!
hostname 806-pptp
enable secret 5 $1$CD8.$mZPRQ4nMwOKjdksI4XKMz.
!
!
! Fall-back local auth parameters in case of RADIUS server failure
username keith password 0 LETMEIN
!
!
! Set up authentication to use RADIUS server as
! the primary and local (above) as a fall-back
aaa new-model
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
aaa session-id common
!
!
! Point to RADIUS server on private LAN for
! authentication of connecting users
radius-server host 172.17.1.20 auth-port 1645 acct-port 1646
radius-server key LETMEIN
radius-server authorization permit missing Service-Type
!
!
vpdn enable
!
! Default PPTP VPDN group
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
! This virtual interface is set up on the
! router for each connecting client PC
interface Virtual-Template1
 ip unnumbered Ethernet0
 ip mroute-cache
 peer default ip address pool DIAL-IN
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
!
! Set up a pool of 11 addresses on the private LAN dynamically
! assigned to the DUN interfaces of connecting client PCs
ip local pool DIAL-IN 172.17.8.210 172.17.8.220
!
!
! DNS and WINS server values given to client PCs
! during client dynamic address assignments
async-bootp dns-server 172.17.1.26
async-bootp nbns-server 172.17.1.26
!
!
! 'Inside' interface with private LAN address
interface Ethernet0
 ip address 172.17.8.200 255.255.0.0
 hold-queue 100 out
!
! 'Outside' interface with public IP address [fictitious address]
interface Ethernet1
 ip address 205.148.34.77 255.255.255.240
!
! Default route out to ISP [fictitious address]
ip route 0.0.0.0 0.0.0.0 205.148.34.65
!
!
line con 0
 exec-timeout 30 0
 stopbits 1
line vty 0 4
 login
 password LETMEIN
!
end



 
Reply With Quote
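
Added example (not part of any poster's message or of the linked write-up): a small Python audit that flags, in configs like the two posted in this thread, cleartext secrets, MD5/3DES/DH group 1 or 2 IKE settings, PPTP dial-in, MS-CHAP v1 and negotiable MPPE strength. The rule set, the audit() function and the section handling are this example's own assumptions, and the sample is constructed from commands in the posts above.

```python
import re

# Section openers. Indentation is ignored, since pasted configs often lose it.
SECTIONS = ("crypto isakmp policy", "vpdn-group", "interface", "line ")

# Example rule set (not a Cisco tool): (section or None for anywhere, pattern, finding)
RULES = [
    (None, r"\b(password|key) (0 |(?!\d )\S)", "secret stored in cleartext"),
    ("crypto isakmp policy", r"^hash md5$", "IKE hash is MD5"),
    ("crypto isakmp policy", r"^encr\w* 3?des$", "IKE cipher is DES/3DES"),
    ("crypto isakmp policy", r"^group [12]$", "IKE DH group 1 or 2"),
    ("vpdn-group", r"^protocol pptp$", "PPTP dial-in accepted"),
    ("interface", r"^ppp authentication .*\bms-chap(?!-)", "MS-CHAP v1 allowed"),
    ("interface", r"^ppp encrypt mppe (auto|40)\b", "MPPE may use 40-bit keys"),
]

def audit(config):
    """Return (line_number, command, finding) for each weak setting."""
    findings, section = [], None
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):  # blank, separator or comment
            section = None                    # ends the current section
            continue
        section = next((s for s in SECTIONS if line.startswith(s)), section)
        for needed, pattern, finding in RULES:
            if needed in (None, section) and re.search(pattern, line):
                findings.append((num, line, finding))
    return findings

# Constructed sample: commands excerpted from the two configs in this thread.
SAMPLE = """\
username keith password 0 LETMEIN
radius-server key LETMEIN
crypto isakmp policy 10
encr 3des
hash md5
group 2
!
vpdn-group 1
protocol pptp
interface Virtual-Template1
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
"""

for num, cmd, why in audit(SAMPLE):
    print(f"line {num}: {cmd}: {why}")
```

Sub-commands such as "group 2" or "hash md5" are only reported inside the section that gives them meaning, so the same words elsewhere in a config are not flagged.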
 
Rob
      12-15-2004
I did a VPDN PPTP server on a 1710 router just a few weeks ago. I
had problems with new 12.3 IOS images. 12.3(T5 didn't work at all,
and the latest 12.3 LD release disconnected the user during long file
transfers through the PPTP session. It was very intermittent. I went
back to the oldest IOS that the 1710 would support, something from the
12.2.15T train, and it works fine.

It sucked because I really wanted it to be a dual IPSEC Easy-VPN
server and PPTP server, but since I couldn't use the later IOS, that
was not to be. Perhaps a 2600 or better router might work better, but
that was my experience.

-Robert



On Tue, 14 Dec 2004 15:10:00 -0800, "Phillip Remaker"
<(E-Mail Removed)> wrote:

>
>"Jaime" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed). com...
>> I use the following config on a 1760 router to support Cisco VPN clients.
>>
>> What should I do to support also Microsoft VPN clients ?

>
>Which kind? L2TP or PPTP?
>
>If you are doing roaming users (as opposed to fixed) PPTP is better.
>
>A fellow did a great writeup at
>http://my.execpc.com/~keithp/pptp.htm


 
Jaime
      12-15-2004
Thanks Phillip, your post was a great help !

"Phillip Remaker" <(E-Mail Removed)> wrote in message
news:1103066073.813576@sj-nntpcache-3...
>
> "Jaime" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > I use the following config on a 1760 router to support Cisco VPN clients.
> >
> > What should I do to support also Microsoft VPN clients ?
>
> Which kind? L2TP or PPTP?
>
> If you are doing roaming users (as opposed to fixed) PPTP is better.
>
> A fellow did a great writeup at
> http://my.execpc.com/~keithp/pptp.htm



 