dhon.manalo

"Any fool can write code that a computer can understand"

Baked with JBake v2.6.7
Theme by Mark Otto

Cisco Dialup VPN Configuration

13 May 2014

This is my working Cisco dialup configuration. IP addresses and wildcard masks are fictitious.

cisco887(config)#crypto isakmp policy 2
cisco887(config-isakmp)#encryption 3des
cisco887(config-isakmp)#hash md5
cisco887(config-isakmp)#authentication pre-share
cisco887(config-isakmp)#group 2
cisco887(config-isakmp)#exit

cisco887(config)# aaa new-model
cisco887(config)# aaa authentication login default local
cisco887(config)# aaa authentication login vpn_xauth local
cisco887(config)# aaa authentication login sslvpn local
cisco887(config)# aaa authorization network vpn_group local
cisco887(config)# aaa session-id common

cisco887(config)#username <username> password 0 <password>

cisco887(config)#crypto isakmp client configuration group <group name>
cisco887(config-isakmp-group)#key <password>
cisco887(config-isakmp-group)#dns 8.8.8.8
cisco887(config-isakmp-group)#pool <pool name>
cisco887(config-isakmp-group)#acl 103
cisco887(config-isakmp-group)#max-users 5
cisco887(config-isakmp-group)#exit

cisco887(config)#ip local pool <pool name> x.x.x.x x.x.x.x

cisco887(config)#crypto ipsec transform-set <transform-set name> esp-3des esp-sha-hmac
cisco887(config)#crypto ipsec profile <profile name>
cisco887(ipsec-profile)#set transform-set <transform-set name>
cisco887(ipsec-profile)#exit

cisco887(config)#interface virtual-template 1 type tunnel
cisco887(config-if)#ip unnumbered vlan3
cisco887(config-if)#tunnel mode ipsec ipv4
cisco887(config-if)#tunnel protection ipsec profile <profile name>
cisco887(config-if)#exit

cisco887(config)#crypto isakmp profile <ike-profile name>
% A profile is deemed incomplete until it has match identity statements
cisco887(conf-isa-prof)#match identity group <group name>
cisco887(conf-isa-prof)#client authentication list vpn_xauth
cisco887(conf-isa-prof)#isakmp authorization list vpn_group
cisco887(conf-isa-prof)#client configuration address respond
cisco887(conf-isa-prof)#virtual-template 1
cisco887(config-if)#exit

cisco887(config)#access-list 103 remark -===VPN Client users===-
cisco887(config)#access-list 103 permit ip x.x.x.x y.y.y.y host x.x.x.x