Cisco Dialup VPN Configuration

13 May 2014

This is my working Cisco dialup configuration. IP addresses and wildcard masks are fictitious.

cisco887(config)#crypto isakmp policy 2
cisco887(config-isakmp)#encryption 3des
cisco887(config-isakmp)#hash md5
cisco887(config-isakmp)#authentication pre-share
cisco887(config-isakmp)#group 2
cisco887(config-isakmp)#exit

cisco887(config)# aaa new-model
cisco887(config)# aaa authentication login default local
cisco887(config)# aaa authentication login vpn_xauth local
cisco887(config)# aaa authentication login sslvpn local
cisco887(config)# aaa authorization network vpn_group local
cisco887(config)# aaa session-id common

cisco887(config)#username <username> password 0 <password>

cisco887(config)#crypto isakmp client configuration group <group name>
cisco887(config-isakmp-group)#key <password>
cisco887(config-isakmp-group)#dns 8.8.8.8
cisco887(config-isakmp-group)#pool <pool name>
cisco887(config-isakmp-group)#acl 103
cisco887(config-isakmp-group)#max-users 5
cisco887(config-isakmp-group)#exit

cisco887(config)#ip local pool <pool name> x.x.x.x x.x.x.x

cisco887(config)#crypto ipsec transform-set <transform-set name> esp-3des esp-sha-hmac
cisco887(config)#crypto ipsec profile <profile name>
cisco887(ipsec-profile)#set transform-set <transform-set name>
cisco887(ipsec-profile)#exit

cisco887(config)#interface virtual-template 1 type tunnel
cisco887(config-if)#ip unnumbered vlan3
cisco887(config-if)#tunnel mode ipsec ipv4
cisco887(config-if)#tunnel protection ipsec profile <profile name>
cisco887(config-if)#exit

cisco887(config)#crypto isakmp profile <ike-profile name>
% A profile is deemed incomplete until it has match identity statements
cisco887(conf-isa-prof)#match identity group <group name>
cisco887(conf-isa-prof)#client authentication list vpn_xauth
cisco887(conf-isa-prof)#isakmp authorization list vpn_group
cisco887(conf-isa-prof)#client configuration address respond
cisco887(conf-isa-prof)#virtual-template 1
cisco887(conf-isa-prof)#exit

cisco887(config)#access-list 103 remark -===VPN Client users===-
cisco887(config)#access-list 103 permit ip x.x.x.x y.y.y.y host x.x.x.x
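
The session above negotiates 3DES, MD5 and DH group 2 and enters the local user with a type 0 password. The following check is an added example, not part of the original configuration: it strips the prompts from a pasted session and flags those settings. The rule names, messages and sample text are constructed for illustration.

```python
import re

# Constructed sample in the same "prompt#command" form as the session above.
SAMPLE = """\
cisco887(config)#crypto isakmp policy 2
cisco887(config-isakmp)#encryption 3des
cisco887(config-isakmp)#hash md5
cisco887(config-isakmp)#authentication pre-share
cisco887(config-isakmp)#group 2
cisco887(config)#username <username> password 0 <password>
cisco887(config)#crypto isakmp client configuration group <group name>
cisco887(config)#crypto ipsec transform-set <transform-set name> esp-3des esp-sha-hmac
% A profile is deemed incomplete until it has match identity statements
cisco887(conf-isa-prof)#match identity group <group name>
"""

# Strips the IOS prompt, e.g. "cisco887(config-isakmp)#".
PROMPT = re.compile(r"^[\w.-]+\([^)]*\)#\s*")

# (rule id, pattern on the bare command, reason). Ids and wording are this example's own.
RULES = [
    ("3des", re.compile(r"^encryption 3des$|^crypto ipsec transform-set .*\besp-3des\b"),
     "3DES has a 64-bit block and is deprecated"),
    ("md5", re.compile(r"^hash md5$|\besp-md5-hmac\b"),
     "MD5 is collision-broken"),
    ("dh-weak", re.compile(r"^group (1|2|5)$"),
     "MODP group below 2048 bits (group 2 is 1024-bit)"),
    ("cleartext-password", re.compile(r"^username \S+ password 0 "),
     "password entered as type 0 (unencrypted)"),
]

def commands(text):
    """Yield (line number, command) for prompt lines; router messages are skipped."""
    for n, line in enumerate(text.splitlines(), 1):
        if PROMPT.match(line):
            yield n, PROMPT.sub("", line).strip()

def audit(text):
    """Return (line number, rule id, reason) for every weak setting found."""
    return [(n, rid, why)
            for n, cmd in commands(text)
            for rid, pat, why in RULES if pat.search(cmd)]

if __name__ == "__main__":
    for n, rid, why in audit(SAMPLE):
        print(f"line {n}: {rid}: {why}")
```
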