Remote Access VPN - Cisco 1710

Discussion in 'Cisco' started by Rafael, Dec 11, 2003.

  1. Rafael

    Rafael Guest

    Hi,

    Can anyone direct me to a link that describes how to terminate a
    remote access VPN connection on a Cisco 1710 Security Router. Example
    configs would be great.

    Thanks

    Rafael.
    Rafael, Dec 11, 2003
    #1
    1. Advertising

  2. (Rafael) wrote in message news:<>...
    > Hi,
    >
    > Can anyone direct me to a link that describes how to terminate a
    > remote access VPN connection on a Cisco 1710 Security Router. Example
    > configs would be great.
    >
    > Thanks
    >
    > Rafael.


    Rafael,

    This works fine with the Cisco VPN Client (with split tunnelling).

    This is part of the config (I think I have included all the important bits).

    aaa new-model
    !
    aaa authorization network xxx-vpn-clientgroup local
    aaa session-id common
    !
    username user1 password xxxxxxxxxx
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp client configuration address-pool local dynpool
    !
    crypto isakmp client configuration group xxx-vpn-clientgroup
    key vpnkey
    pool dynpool
    acl 111
    !
    crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
    !
    crypto dynamic-map dynmap 1
    set transform-set transform-1
    !
    crypto map dynmap isakmp authorization list xxx-vpn-clientgroup
    crypto map dynmap client configuration address respond
    crypto map dynmap 1 ipsec-isakmp dynamic dynmap
    !
    interface Ethernet0
    ip address nnn.nnn.nnn.nnn 255.255.255.240
    no cdp enable
    crypto map dynmap
    !
    interface FastEthernet0
    ip address nnn.nnn.nnn.nnn 255.255.255.0
    no cdp enable
    !
    ip local pool dynpool 10.96.55.129 10.96.55.190
    ip default-gateway nnn.nnn.nnn.nnn
    ip route 0.0.0.0 0.0.0.0 nnn.nnn.nnn.nnn
    !
    access-list 111 permit ip nnn.nnn.0.0 0.0.255.255 10.96.55.128 0.0.0.63
    access-list 111 permit ip 10.0.0.0 0.255.255.255 10.96.55.128 0.0.0.63
    -------------------------------------

    Pete
    Pete Mainwaring, Dec 11, 2003
    #2
    1. Advertising

  3. Rafael

    Rafael Guest

    (Pete Mainwaring) wrote in message news:<>...
    > (Rafael) wrote in message news:<>...
    > > Hi,
    > >
    > > Can anyone direct me to a link that describes how to terminate a
    > > remote access VPN connection on a Cisco 1710 Security Router. Example
    > > configs would be great.
    > >
    > > Thanks
    > >
    > > Rafael.

    >
    > Rafael,
    >
    > This works fine with the Cisco VPN Client (with split tunnelling).
    >
    > This is part of the config (I think I have included all the important bits).
    >
    > aaa new-model
    > !
    > aaa authorization network xxx-vpn-clientgroup local
    > aaa session-id common
    > !
    > username user1 password xxxxxxxxxx
    > !
    > crypto isakmp policy 1
    > encr 3des
    > authentication pre-share
    > group 2
    > crypto isakmp client configuration address-pool local dynpool
    > !
    > crypto isakmp client configuration group xxx-vpn-clientgroup
    > key vpnkey
    > pool dynpool
    > acl 111
    > !
    > crypto ipsec transform-set transform-1 esp-3des esp-sha-hmac
    > !
    > crypto dynamic-map dynmap 1
    > set transform-set transform-1
    > !
    > crypto map dynmap isakmp authorization list xxx-vpn-clientgroup
    > crypto map dynmap client configuration address respond
    > crypto map dynmap 1 ipsec-isakmp dynamic dynmap
    > !
    > interface Ethernet0
    > ip address nnn.nnn.nnn.nnn 255.255.255.240
    > no cdp enable
    > crypto map dynmap
    > !
    > interface FastEthernet0
    > ip address nnn.nnn.nnn.nnn 255.255.255.0
    > no cdp enable
    > !
    > ip local pool dynpool 10.96.55.129 10.96.55.190
    > ip default-gateway nnn.nnn.nnn.nnn
    > ip route 0.0.0.0 0.0.0.0 nnn.nnn.nnn.nnn
    > !
    > access-list 111 permit ip nnn.nnn.0.0 0.0.255.255 10.96.55.128 0.0.0.63
    > access-list 111 permit ip 10.0.0.0 0.255.255.255 10.96.55.128 0.0.0.63
    > -------------------------------------
    >
    > Pete



    Pete,

    Thanks so much for your help - invaluable!!

    Rafael
    Rafael, Dec 12, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ole Vik
    Replies:
    0
    Views:
    1,605
    Ole Vik
    Jul 8, 2003
  2. Paul Stewart

    VPN Problems 1710 to 1710 via ADSL

    Paul Stewart, Dec 5, 2003, in forum: Cisco
    Replies:
    1
    Views:
    4,138
    Phillip Remaker
    Dec 5, 2003
  3. S-Mac

    1710 for Broadband access.

    S-Mac, Dec 28, 2004, in forum: Cisco
    Replies:
    17
    Views:
    732
    S Mac
    Jan 7, 2005
  4. pasatealinux
    Replies:
    1
    Views:
    2,030
    pasatealinux
    Dec 17, 2007
  5. BF
    Replies:
    2
    Views:
    748
Loading...

Share This Page