VPN on a 1760
Jaime
Posted: Wed Dec 15, 2004 3:48 am    Post subject: VPN on a 1760

I use the following config on a 1760 router to support Cisco VPN clients.

What should I do to support also Microsoft VPN clients ?

Thanks

!
username ***** password 0 *****
aaa new-model
!
!
aaa authentication login VPNAUTHEN local
aaa authorization network VPNAUTHOR local
aaa session-id common
ip subnet-zero
!
ip cef
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group TECDES
 key 0 *****
 dns 192.168.28.100
 pool TECDES
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto dynamic-map VPNCLIENT 10
 set transform-set vpn
 reverse-route
!
crypto map tunel_ep client authentication list VPNAUTHEN
crypto map tunel_ep isakmp authorization list VPNAUTHOR
crypto map tunel_ep client configuration address respond
!
crypto map tunel_ep 30 ipsec-isakmp dynamic VPNCLIENT
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$
 ip address ***.***.***.* 255.255.255.248
 no ip redirects
 no ip proxy-arp
 speed 100
 full-duplex
 no cdp enable
 crypto map tunel_ep
!
ip local pool TECDES 192.168.56.1 192.168.56.254
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.x
ip route 172.16.89.0 255.255.255.0 xxx.xxx.xxx.x
ip route 192.168.28.0 255.255.255.0 xxx.xxx.xxx.x
ip route 192.168.101.0 255.255.255.0 xxx.Xxx.Xxx.x
ip route xxx.xxx.xx.x 255.255.255.255 Xxx.xxx.Xxx.x
no ip http server
no ip http secure-server
!

Walter Roberson
Posted: Wed Dec 15, 2004 4:08 am    Post subject: Re: VPN on a 1760

In article <81551cc6.0412141448.1a6a078d@posting.google.com>,
Jaime <jks_bcn@mixmail.com> wrote:
:I use the following config on a 1760 router to support Cisco VPN clients.

:What should I do to support also Microsoft VPN clients ?

If I recall correctly, XP supports IPSec, so you wouldn't have to do
anything extra for XP.

For previous versions, you would need to configure vpdn for PPTP.
If you search Cisco's web site, there should be some good example
configurations of configuring PPTP.
--
If a troll and a half can hook a reader and a half in a posting and a half,
how many readers can six trolls hook in six postings?

Phillip Remaker
Posted: Wed Dec 15, 2004 4:10 am    Post subject: Re: VPN on a 1760

"Jaime" <jks_bcn@mixmail.com> wrote in message
news:81551cc6.0412141448.1a6a078d@posting.google.com...
Quote:
I use the following config on a 1760 router to support Cisco VPN clients.

What should I do to support also Microsoft VPN clients ?

Which kind? L2TP or PPTP?

If you are doing roaming users (as opposed to fixed) PPTP is better.

A fellow did a great writeup at
http://my.execpc.com/~keithp/pptp.htm

Punchline:

(3DES S/W required)

Copied from above website

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
scheduler max-task-time 5000
!
no ip http server
no ip domain lookup
!
ip subnet-zero
ip classless
!
!
hostname 806-pptp
enable secret 5 $1$CD8.$mZPRQ4nMwOKjdksI4XKMz.
!
!
! Fall-back local auth parameters in case of RADIUS server failure
username keith password 0 LETMEIN
!
!
! Set up authentication to use RADIUS server as
! the primary and local (above) as a fall-back
aaa new-model
aaa authentication ppp default group radius local
aaa authorization network default if-authenticated
aaa session-id common
!
!
! Point to RADIUS server on private LAN for
! authentication of connecting users
radius-server host 172.17.1.20 auth-port 1645 acct-port 1646
radius-server key LETMEIN
radius-server authorization permit missing Service-Type
!
!
vpdn enable
!
! Default PPTP VPDN group
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
! This virtual interface is set up on the
! router for each connecting client PC
interface Virtual-Template1
 ip unnumbered Ethernet0
 ip mroute-cache
 peer default ip address pool DIAL-IN
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
!
! Set up a pool of 11 addresses on the private LAN dynamically
! assigned to the DUN interfaces of connecting client PCs
ip local pool DIAL-IN 172.17.8.210 172.17.8.220
!
!
! DNS and WINS server values given to client PCs
! during client dynamic address assignments
async-bootp dns-server 172.17.1.26
async-bootp nbns-server 172.17.1.26
!
!
! 'Inside' interface with private LAN address
interface Ethernet0
 ip address 172.17.8.200 255.255.0.0
 hold-queue 100 out
!
! 'Outside' interface with public IP address [fictitious address]
interface Ethernet1
 ip address 205.148.34.77 255.255.255.240
!
! Default route out to ISP [fictitious address]
ip route 0.0.0.0 0.0.0.0 205.148.34.65
!
!
line con 0
 exec-timeout 30 0
 stopbits 1
line vty 0 4
 login
 password LETMEIN
!
end
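
An added example, not part of any post in this thread and not Cisco tooling: a Python audit that flags the dated settings visible in the two configs posted above (cleartext type 0 and untyped secrets, 3DES, MD5 and DH group 2 for IKE and ESP, PPTP with MS-CHAP). The rule list, the `audit` function and the treatment of a bare `!` as the end of a section are assumptions of this example.

```python
import re

# Section headers that give the sub-commands below their meaning.
SECTIONS = ("crypto isakmp policy", "vpdn-group", "interface ", "line ")
# (required section or None, regex on the stripped line, finding)
RULES = [
    (None, r"\b(password|key) 0 \S", "type 0 secret: stored in cleartext"),
    (None, r"^radius-server key (?!\d )\S", "RADIUS shared secret in cleartext"),
    ("line ", r"^password (?!\d )\S", "line password in cleartext"),
    ("crypto isakmp policy", r"^encr(yption)? 3des$", "IKE encryption is 3DES"),
    ("crypto isakmp policy", r"^hash md5$", "IKE hash is MD5"),
    ("crypto isakmp policy", r"^group [125]$", "IKE DH group under 2048 bits"),
    (None, r"^crypto ipsec transform-set .*esp-(3des|md5-hmac)", "ESP uses 3DES or HMAC-MD5"),
    ("vpdn-group", r"^protocol pptp$", "PPTP tunnel: MPPE keys derive from MS-CHAP"),
    ("interface ", r"^ppp authentication .*ms-chap", "MS-CHAP authentication"),
]

def audit(config):
    """Return (line_no, line, finding) for each weak setting in an IOS config."""
    findings, section = [], None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            section = None if line == "!" else section  # bare "!" closes a section
            continue
        section = next((p for p in SECTIONS if line.startswith(p)), section)
        for want, pattern, finding in RULES:
            if want in (None, section) and re.search(pattern, line):
                findings.append((n, line, finding))
    return findings

# Constructed sample: lines excerpted from the two configs posted in this thread.
SAMPLE = """\
username keith password 0 LETMEIN
crypto isakmp policy 10
encr 3des
hash md5
group 2
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
vpdn-group 1
protocol pptp
interface Virtual-Template1
ppp authentication ms-chap ms-chap-v2
line vty 0 4
password LETMEIN
"""

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Because `group 2` and `password LETMEIN` only mean something inside their section, the rules are tied to the enclosing header, so the check works on flattened configs that have lost their indentation.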

Rob
Posted: Wed Dec 15, 2004 8:42 pm    Post subject: Re: VPN on a 1760

I did a VPDN PPTP server on a 1710 router just a few weeks ago. I
had problems with new 12.3 IOS images. 12.3(8)T5 didn't work at all,
and the latest 12.3 LD release disconnected the user during long file
transfers through the PPTP session. It was very intermittent. I went
back to the oldest IOS that the 1710 would support, something from the
12.2.15T train, and it works fine.

It sucked because I really wanted it to be a dual IPSEC Easy-VPN
server and PPTP server, but since I couldn't use the later IOS, that
was not to be. Perhaps a 2600 or better router might work better, but
that was my experience.

-Robert



On Tue, 14 Dec 2004 15:10:00 -0800, "Phillip Remaker"
<remaker@cisco.com> wrote:

Quote:

"Jaime" <jks_bcn@mixmail.com> wrote in message
news:81551cc6.0412141448.1a6a078d@posting.google.com...
I use the following config on a 1760 router to support Cisco VPN clients.

What should I do to support also Microsoft VPN clients ?

Which kind? L2TP or PPTP?

If you are doing roaming users (as opposed to fixed) PPTP is better.

A fellow did a great writeup at
http://my.execpc.com/~keithp/pptp.htm

Jaime
Posted: Thu Dec 16, 2004 2:23 am    Post subject: Re: VPN on a 1760

Thanks Phillip, your post was a great help!

"Phillip Remaker" <remaker@cisco.com> wrote in message
news:1103066073.813576@sj-nntpcache-3...
Quote:

"Jaime" <jks_bcn@mixmail.com> wrote in message
news:81551cc6.0412141448.1a6a078d@posting.google.com...
I use the following config on a 1760 router to support Cisco VPN
clients.

What should I do to support also Microsoft VPN clients ?

Which kind? L2TP or PPTP?

If you are doing roaming users (as opposed to fixed) PPTP is better.

A fellow did a great writeup at
http://my.execpc.com/~keithp/pptp.htm
