10-26-2021 01:02 AM
Hello
Someone kindly assist me.
I need to configure a VPN on a Cisco 4300 so that workers can access the office network while at home.
Kind Regards
10-26-2021 02:15 AM
Not sure which client you would like to use: do you want to use the native Windows client or Cisco AnyConnect?
Both are provided below for reference:
https://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html
https://www.youtube.com/watch?v=JL8lh0hq-F4
10-26-2021 03:59 AM
Hello,
Easy VPN is probably the simplest solution. Post the running configuration of your 43xx router so we can fill in the bits and pieces...
10-26-2021 10:07 PM - edited 10-27-2021 02:44 AM
Hello
See the attached configuration regarding remote VPN access for Cisco VPN clients.
10-27-2021 12:31 AM
Hello,
In addition to the other posts, here is a sample config for a 4331 configured as Easy VPN server:
version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname 4331
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.16.08.05.SPA.bin
boot-end-marker
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
!
logging console emergencies
enable secret 5
!
transport-map type persistent ssh sshhandler
 time-out 30
 rsa keypair-name sshkeys
 transport interface GigabitEthernet0
 connection wait allow interruptible
!
transport-map type persistent telnet telnethandler
!
aaa new-model
!
aaa authentication login default local
aaa authentication login USERS-AUTHEN local
aaa authorization exec default local
aaa authorization network GROUP-AUTHOR local
!
aaa session-id common
no process cpu autoprofile hog
clock timezone GMT 1 0
!
ip nbar http-services
!
ip domain name yourdomain.com
!
ip dhcp pool LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1843133077
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1843133077
 revocation-check none
 rsakeypair TP-self-signed-1843133077
!
crypto pki certificate chain TP-self-signed-1843133077
 certificate self-signed 01
  quit
!
ivr prompt buffers 2
license udi pid ISR4331/K9 sn
license accept end user agreement
license boot level appxk9
license boot level uck9
license boot level securityk9
diagnostic bootup level minimal
spanning-tree extend system-id
!
username admin privilege 15
username guest privilege 15
username operator password 7
!
redundancy
 mode none
!
vlan internal allocation policy ascending
!
no cdp run
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN-GROUP
 key KEY1
 dns 192.168.1.1
 pool EZVPN-POOL
 acl 101
crypto isakmp profile VPN-CLIENT
 match identity group VPN-GROUP
 client authentication list USERS-AUTHEN
 isakmp authorization list GROUP-AUTHOR
 client configuration address respond
!
crypto ipsec transform-set TS-3DES-MD5 esp-3des esp-md5-hmac
 mode tunnel
!
crypto dynamic-map DYNMAP 10
 set transform-set TS-3DES-MD5
 set isakmp-profile VPN-CLIENT
 reverse-route
!
crypto map DMAP 1 ipsec-isakmp dynamic DYNMAP
!
interface GigabitEthernet0/0/0
 description WAN
 ip address dhcp
 ip mtu 1452
 ip nat outside
 ip nbar protocol-discovery
 ip tcp adjust-mss 1412
 negotiation auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 spanning-tree portfast trunk
!
interface GigabitEthernet0/0/1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 negotiation auto
 spanning-tree portfast disable
!
interface GigabitEthernet0/0/2
 shutdown
 spanning-tree portfast disable
!
interface GigabitEthernet0/1/0
 shutdown
 spanning-tree portfast disable
!
interface GigabitEthernet0/1/1
 shutdown
 spanning-tree portfast disable
!
interface GigabitEthernet0/1/2
 switchport mode access
 shutdown
 spanning-tree portfast trunk
!
interface GigabitEthernet0/1/3
 shutdown
 spanning-tree portfast disable
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
 no cdp enable
!
interface Vlan1
 no ip address
 shutdown
!
interface Dialer1
 ip address negotiated
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1412
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 no cdp enable
 ppp mtu adaptive
 ppp authentication chap pap callin
 ppp chap hostname
 ppp chap password
 ppp pap sent-username
 ppp ipcp dns request
 crypto map DMAP
!
ip local pool EZVPN-POOL 192.168.2.10 192.168.2.250
ip nat inside source route-map ISP_NAT_RM interface Dialer1 overload
ip forward-protocol nd
ip ftp username 1
ip ftp password 7
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip ssh version 2
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
!
route-map ISP_NAT_RM permit 10
 match ip address 1
 match interface Dialer1
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
end
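
The sample config above sets its IKE policy and transform set to hash md5, group 2 and esp-3des esp-md5-hmac, and gives no encryption line in the policy. As an added example (not part of the original post, and not a Cisco tool), this Python check flags such settings in a running-config before it is deployed; the sets of values treated as weak and the function name audit are assumptions of this example.

```python
# Added example: flag weak IKE/IPsec settings in an IOS running-config.
# The "weak" sets below are this example's policy (an assumption), not Cisco's tool.
WEAK_DH = {"1", "2", "5"}
WEAK_ENCR = {"des", "3des"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}
POLICY_CMDS = {"encryption", "encr", "hash", "authentication", "group", "lifetime"}

# Constructed excerpt mirroring the crypto stanzas of the sample config.
SAMPLE = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
!
crypto ipsec transform-set TS-3DES-MD5 esp-3des esp-md5-hmac
 mode tunnel
!
"""

def audit(config):
    """Return sorted (line_number, finding) pairs for weak VPN crypto settings."""
    findings, policy = [], None
    # A trailing "!" closes a policy stanza that runs to the end of the text.
    for no, raw in enumerate(config.splitlines() + ["!"], 1):
        w = raw.split()
        # Stanza ends at the first line that is not a policy sub-command, so
        # this also works on pastes that have lost their indentation.
        if policy and (not w or w[0] not in POLICY_CMDS):
            if not policy["encr"]:
                findings.append((policy["line"], "isakmp policy %s: no encryption "
                                 "line, platform default applies" % policy["id"]))
            policy = None
        if w[:3] == ["crypto", "isakmp", "policy"] and len(w) == 4:
            policy = {"id": w[3], "line": no, "encr": False}
        elif policy and w[0] in ("encryption", "encr"):
            policy["encr"] = True
            if w[1:2] and w[1] in WEAK_ENCR:
                findings.append((no, "IKE encryption " + w[1]))
        elif policy and w[:2] == ["hash", "md5"]:
            findings.append((no, "IKE hash md5"))
        elif policy and w[0] == "group" and w[1:2] and w[1] in WEAK_DH:
            findings.append((no, "IKE DH group " + w[1]))
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [(no, "IPsec transform " + t) for t in w[4:]
                         if t in WEAK_TRANSFORMS]
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print("line %d: %s" % (no, finding))
```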