VPN on a 1760

Discussion in 'Cisco' started by Jaime, Dec 14, 2004.

  1. Jaime

    Jaime Guest

    I use the following config on a 1760 router to support Cisco VPN clients.

    What should I do to also support Microsoft VPN clients?

    Thanks

    !
    username ***** password 0 *****
    aaa new-model
    !
    !
    aaa authentication login VPNAUTHEN local
    aaa authorization network VPNAUTHOR local
    aaa session-id common
    ip subnet-zero
    !
    ip cef
    ip audit notify log
    ip audit po max-events 100
    no ftp-server write-enable
    !
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    !
    crypto isakmp client configuration group TECDES
    key 0 *****
    dns 192.168.28.100
    pool TECDES
    !
    crypto ipsec transform-set vpn esp-3des esp-md5-hmac
    !
    crypto dynamic-map VPNCLIENT 10
    set transform-set vpn
    reverse-route
    !
    crypto map tunel_ep client authentication list VPNAUTHEN
    crypto map tunel_ep isakmp authorization list VPNAUTHOR
    crypto map tunel_ep client configuration address respond
    !
    crypto map tunel_ep 30 ipsec-isakmp dynamic VPNCLIENT
    !
    interface FastEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$
    ip address ***.***.***.* 255.255.255.248
    no ip redirects
    no ip proxy-arp
    speed 100
    full-duplex
    no cdp enable
    crypto map tunel_ep
    !
    ip local pool TECDES 192.168.56.1 192.168.56.254
    ip classless
    ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.x
    ip route 172.16.89.0 255.255.255.0 xxx.xxx.xxx.x
    ip route 192.168.28.0 255.255.255.0 xxx.xxx.xxx.x
    ip route 192.168.101.0 255.255.255.0 xxx.Xxx.Xxx.x
    ip route xxx.xxx.xx.x 255.255.255.255 Xxx.xxx.Xxx.x
    no ip http server
    no ip http secure-server
    !
     
    Jaime, Dec 14, 2004
    #1

  2. In article <>,
    Jaime <> wrote:
    :I use the following config on a 1760 router to support Cisco VPN clients.

    :What should I do to support also Microsoft VPN clients ?

    If I recall correctly, XP supports IPSec, so you wouldn't have to do
    anything extra for XP.

    For previous versions, you would need to configure vpdn for PPTP.
    If you search Cisco's web site, there should be some good example
    configurations of configuring PPTP.
    --
    If a troll and a half can hook a reader and a half in a posting and a half,
    how many readers can six trolls hook in six postings?
     
    Walter Roberson, Dec 14, 2004
    #2

  3. "Jaime" <> wrote in message
    news:...
    > I use the following config on a 1760 router to support Cisco VPN clients.
    >
    > What should I do to support also Microsoft VPN clients ?


    Which kind? L2TP or PPTP?

    If you are doing roaming users (as opposed to fixed) PPTP is better.

    A fellow did a great writeup at
    http://my.execpc.com/~keithp/pptp.htm

    Punchline:

    (3DES S/W required)

    Copied from above website

    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    scheduler max-task-time 5000
    !
    no ip http server
    no ip domain lookup
    !
    ip subnet-zero
    ip classless
    !
    !
    hostname 806-pptp
    enable secret 5 $1$CD8.$mZPRQ4nMwOKjdksI4XKMz.
    !
    !
    ! Fall-back local auth parameters in case of RADIUS server failure
    username keith password 0 LETMEIN
    !
    !
    ! Set up authentication to use RADIUS server as
    ! the primary and local (above) as a fall-back
    aaa new-model
    aaa authentication ppp default group radius local
    aaa authorization network default if-authenticated
    aaa session-id common
    !
    !
    ! Point to RADIUS server on private LAN for
    ! authentication of connecting users
    radius-server host 172.17.1.20 auth-port 1645 acct-port 1646
    radius-server key LETMEIN
    radius-server authorization permit missing Service-Type
    !
    !
    vpdn enable
    !
    ! Default PPTP VPDN group
    vpdn-group 1
    accept-dialin
    protocol pptp
    virtual-template 1
    !
    !
    ! This virtual interface is set up on the
    ! router for each connecting client PC
    interface Virtual-Template1
    ip unnumbered Ethernet0
    ip mroute-cache
    peer default ip address pool DIAL-IN
    ppp encrypt mppe auto required
    ppp authentication ms-chap ms-chap-v2
    !
    !
    ! Set up a pool of 11 addresses on the private LAN dynamically
    ! assigned to the DUN interfaces of connecting client PCs
    ip local pool DIAL-IN 172.17.8.210 172.17.8.220
    !
    !
    ! DNS and WINS server values given to client PCs
    ! during client dynamic address assignments
    async-bootp dns-server 172.17.1.26
    async-bootp nbns-server 172.17.1.26
    !
    !
    ! 'Inside' interface with private LAN address
    interface Ethernet0
    ip address 172.17.8.200 255.255.0.0
    hold-queue 100 out
    !
    ! 'Outside' interface with public IP address [fictitious address]
    interface Ethernet1
    ip address 205.148.34.77 255.255.255.240
    !
    ! Default route out to ISP [fictitious address]
    ip route 0.0.0.0 0.0.0.0 205.148.34.65
    !
    !
    line con 0
    exec-timeout 30 0
    stopbits 1
    line vty 0 4
    login
    password LETMEIN
    !
    end
     
    Phillip Remaker, Dec 14, 2004
    #3
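
An audit pass over configs like the two posted above, as an added example (not from any poster, the linked write-up, or Cisco). The rule set and all names in it are illustrative assumptions; it flags cleartext (type 0) secrets, 3DES/MD5/DH group 2 in the IKE policy and transform set, PPTP, and MS-CHAP or MPPE `auto` on the virtual template.

```python
import re

# Constructed sample: lines from the two configs posted in this thread, unindented as shown.
SAMPLE = """\
username keith password 0 LETMEIN
crypto isakmp policy 10
encr 3des
hash md5
group 2
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
radius-server key LETMEIN
vpdn-group 1
protocol pptp
interface Virtual-Template1
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
line vty 0 4
password LETMEIN
"""

# Block-opening commands; indentation is lost in the paste, so sections are inferred from these.
OPENERS = ("crypto isakmp policy", "vpdn-group", "interface ", "line ")
# (rule id, required section prefix or None for anywhere, pattern) - illustrative rule set
RULES = [
    ("cleartext-secret", None, r"^username \S+ password 0 |^radius-server key (?![67] )"),
    ("cleartext-secret", "line ", r"^password (?![57] )"),
    ("weak-ike-policy", "crypto isakmp policy", r"^encr(yption)? 3?des$|^hash md5$|^group [125]$"),
    ("weak-transform", None, r"^crypto ipsec transform-set .*\besp-(3?des|md5-hmac)\b"),
    ("pptp-enabled", "vpdn-group", r"^protocol pptp$"),
    ("mschap-or-mppe-auto", "interface ", r"^ppp authentication .*ms-chap|^ppp encrypt mppe auto"),
]

def audit(config_text):
    """Return (line number, rule id, line) for each weak setting found."""
    findings, section = [], ""
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            section = "" if line == "!" else section  # a bare "!" ends the block
            continue                                  # "! comment" lines are skipped
        if line.startswith(OPENERS):
            section = line
        for rule_id, scope, pattern in RULES:
            if (scope is None or section.startswith(scope)) and re.search(pattern, line):
                findings.append((number, rule_id, line))
    return findings
```

Calling `audit(SAMPLE)` returns ten findings; section scoping keeps a stray `group 2` or a type 7 line password from being reported.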
  4. Jaime

    Rob Guest

    I did a VPDN PPTP server on a 1710 router just a few weeks ago. I
    had problems with new 12.3 IOS images. 12.3(8)T5 didn't work at all,
    and the latest 12.3 LD release disconnected the user during long file
    transfers through the PPTP session. It was very intermittent. I went
    back to the oldest IOS that the 1710 would support, something from the
    12.2.15T train, and it works fine.

    It sucked because I really wanted it to be a dual IPSEC Easy-VPN
    server and PPTP server, but since I couldn't use the later IOS, that
    was not to be. Perhaps a 2600 or better router might work better, but
    that was my experience.

    -Robert



    On Tue, 14 Dec 2004 15:10:00 -0800, "Phillip Remaker"
    <> wrote:

    >
    >"Jaime" <> wrote in message
    >news:...
    >> I use the following config on a 1760 router to support Cisco VPN clients.
    >>
    >> What should I do to support also Microsoft VPN clients ?

    >
    >Which kind? L2TP or PPTP?
    >
    >If you are doing roaming users (as opposed to fixed) PPTP is better.
    >
    >A fellow did a great writeup at
    >http://my.execpc.com/~keithp/pptp.htm
     
    Rob, Dec 15, 2004
    #4
  5. Jaime

    Jaime Guest

    Thanks Phillip, your post was a great help!

    "Phillip Remaker" <> wrote in message
    news:1103066073.813576@sj-nntpcache-3...
    >
    > "Jaime" <> wrote in message
    > news:...
    > > I use the following config on a 1760 router to support Cisco VPN clients.
    > >
    > > What should I do to support also Microsoft VPN clients ?

    >
    > Which kind? L2TP or PPTP?
    >
    > If you are doing roaming users (as opposed to fixed) PPTP is better.
    >
    > A fellow did a great writeup at
    > http://my.execpc.com/~keithp/pptp.htm
    >
    > Punchline:
    >
    > (3DES S/W required)
    >
    > Copied from above website
    >
    > version 12.2
    > no service pad
    > service timestamps debug uptime
    > service timestamps log uptime
    > scheduler max-task-time 5000
    > !
    > no ip http server
    > no ip domain lookup
    > !
    > ip subnet-zero
    > ip classless
    > !
    > !
    > hostname 806-pptp
    > enable secret 5 $1$CD8.$mZPRQ4nMwOKjdksI4XKMz.
    > !
    > !
    > ! Fall-back local auth parameters in case of RADIUS server failure
    > username keith password 0 LETMEIN
    > !
    > !
    > ! Set up authentication to use RADIUS server as
    > ! the primary and local (above) as a fall-back
    > aaa new-model
    > aaa authentication ppp default group radius local
    > aaa authorization network default if-authenticated
    > aaa session-id common
    > !
    > !
    > ! Point to RADIUS server on private LAN for
    > ! authentication of connecting users
    > radius-server host 172.17.1.20 auth-port 1645 acct-port 1646
    > radius-server key LETMEIN
    > radius-server authorization permit missing Service-Type
    > !
    > !
    > vpdn enable
    > !
    > ! Default PPTP VPDN group
    > vpdn-group 1
    > accept-dialin
    > protocol pptp
    > virtual-template 1
    > !
    > !
    > ! This virtual interface is set up on the
    > ! router for each connecting client PC
    > interface Virtual-Template1
    > ip unnumbered Ethernet0
    > ip mroute-cache
    > peer default ip address pool DIAL-IN
    > ppp encrypt mppe auto required
    > ppp authentication ms-chap ms-chap-v2
    > !
    > !
    > ! Set up a pool of 11 addresses on the private LAN dynamically
    > ! assigned to the DUN interfaces of connecting client PCs
    > ip local pool DIAL-IN 172.17.8.210 172.17.8.220
    > !
    > !
    > ! DNS and WINS server values given to client PCs
    > ! during client dynamic address assignments
    > async-bootp dns-server 172.17.1.26
    > async-bootp nbns-server 172.17.1.26
    > !
    > !
    > ! 'Inside' interface with private LAN address
    > interface Ethernet0
    > ip address 172.17.8.200 255.255.0.0
    > hold-queue 100 out
    > !
    > ! 'Outside' interface with public IP address [fictitious address]
    > interface Ethernet1
    > ip address 205.148.34.77 255.255.255.240
    > !
    > ! Default route out to ISP [fictitious address]
    > ip route 0.0.0.0 0.0.0.0 205.148.34.65
    > !
    > !
    > line con 0
    > exec-timeout 30 0
    > stopbits 1
    > line vty 0 4
    > login
    > password LETMEIN
    > !
    > end
    >
    >
    >
     
    Jaime, Dec 15, 2004
    #5
