Re: OT: L2TP/IPSEC configuration, Windows XP clients (using

From: darth router (darklordrouter@gmail.com)
Date: Mon Aug 25 2008 - 04:14:20 ART


Thanks Naum, but I'm looking for an example that works without the Cisco VPN
client; it has to work with Windows XP VPN DUN. It'll end up being a lot of
VPDN configuration using a virtual template. There are a few examples on
cisco.com, but they are pretty weak.

On Sun, Aug 24, 2008 at 10:54 PM, Nauman Habib <mrnauman@gmail.com> wrote:

> *Lab 9*
>
> *Remote VPN*
>
> *A(config)# AAA new-model //*enable AAA feature
>
> *A(config)# username nauman password nauman //*create a user having name
> haroon with password cisco
>
> *A(config)# AAA authentication login default local //*do authentication
> for the users locally
>
> *A(config)# AAA authorization network abc local //*do authorization for
> users locally
>
> *A(config)# crypto isakmp policy 10 //*create a policy of number 10
>
> *A(config-isakmp)# authentication pre-share //*use authentication
> pre-share
>
> *A(config-isakmp)# hash md5 //*use hash md5
>
> *A(config-isakmp)# encryption des //*use encryption des
>
> *A(config-isakmp)# group 2 //*use group 2
>
> *A(config-isakmp)# exit*
>
> *A(config)# crypto isakmp key cisco address 0.0.0.0 //*create isakmp peer
> for any user
>
> *A(config)# crypto ipsec transform-set tset esp-des esp-md5-hmac //*create
> a transform set having name tset with policies esp-des and esp-md5-hmac
>
> *A(config)# ip local pool pool1 15.1.1.1 15.1.1.50 //*create a pool of
> IP addresses for remote user
>
> *A(config)# crypto isakmp client configuration group abc //*
>
> *A(config-group)# pool pool1 //*allowing pool which is pool1
>
> *A(config-group)# key cisco //*having key cisco
>
> *A(config-group)# exit*
>
> *A(config)# crypto isakmp client configuration address-pool local pool1 *
>
> *A(config)# crypto dynamic-map dmap 5 //*create a dynamic map having name
> dmap5 for binding all the features
>
> *A(config-map)# set transform-set tset //*
>
> *A(config-map)#exit*
>
> *A(config)# crypto map smap 10 ipsec-isakmp dynamic dmap //*bind
> dynamic map with static map
>
> *A(config)# crypto map smap client authentication list abc //*give the
> users of abc to static map which is smap
>
> *A(config)# crypto map smap isakmp authorization list abc //*authorize
> the users which are defined in abc with static map smap
>
> *A(config)# crypto map smap client configuration address respond*
>
> *A(config)# interface serial 0/0*
>
> *A(config-if)# crypto map smap //*apply static map to the interface
>
> *A(config)# ip route 15.0.0.0 255.0.0.0 serial 0 //*create a static route
> for 15.0.0.0 from its s0 interface
>
>
> On Mon, Aug 25, 2008 at 9:08 AM, darth router <darklordrouter@gmail.com> wrote:
>
>> Anyone have a pretty basic working configuration (like EASY VPN) for this?
>> Needs to be dynamic for multiple users to dial in. I've been banging my
>> head working on a configuration for hours.
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
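
An added example, not part of the original thread or of either poster's configuration: a small Python check that flags the weak parameters in the lab configuration quoted above (single DES, MD5, DH group 2, a pre-shared key bound to 0.0.0.0, and a password equal to the username). The rule names and the `audit` function are made up for this illustration, and the sample input is constructed from the quoted commands.

```python
import re

# Constructed sample: commands taken from the lab configuration quoted above,
# with the router prompt kept and the mail formatting removed.
SAMPLE = """\
A(config)# crypto isakmp policy 10
A(config-isakmp)# authentication pre-share
A(config-isakmp)# hash md5
A(config-isakmp)# encryption des
A(config-isakmp)# group 2
A(config)# crypto isakmp key cisco address 0.0.0.0
A(config)# crypto ipsec transform-set tset esp-des esp-md5-hmac
A(config)# username nauman password nauman
"""

# Router prompt such as "A(config-isakmp)# " in front of a pasted command.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

# (hypothetical rule id, pattern matched against the bare command, reason)
RULES = [
    ("ike-des", r"^encryption des$", "IKE policy uses single DES (56-bit key)"),
    ("ike-md5", r"^hash md5$", "IKE policy uses MD5"),
    ("ike-dh-small", r"^group [12]$", "IKE policy uses a DH group of 1024 bits or less"),
    ("psk-wildcard", r"^crypto isakmp key \S+ address 0\.0\.0\.0\b",
     "pre-shared key is accepted from any peer address"),
    ("esp-des", r"^crypto ipsec transform-set \S+ .*\besp-des\b", "ESP uses single DES"),
    ("esp-md5", r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "ESP uses HMAC-MD5"),
    ("user-pass-eq", r"^username (\S+) password \1$", "password equals the username"),
]

def audit(config_text):
    """Return (line_no, rule_id, reason) for every weak setting found."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), start=1):
        cmd = PROMPT.sub("", raw.strip())      # drop the router prompt
        cmd = cmd.split("//")[0].strip()       # drop a trailing // comment
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, cmd, re.IGNORECASE):
                findings.append((no, rule_id, reason))
    return findings

if __name__ == "__main__":
    for line_no, rule_id, reason in audit(SAMPLE):
        print(f"line {line_no}: [{rule_id}] {reason}")
```
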




This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART