IPSEC VPN Tunnel and VPN Client configuration on same router

Shahzad Ayub
Level 1

Hi,

I have a remote site which is connected to Head-office through an IPSEC VPN tunnel. Now I want to configure our Head-office router for VPN-client configuration as well, so that users can connect to Head-office using the VPN client and access the resources at the remote branch over the already configured IPSEC VPN tunnel. I am posting the specific configuration from the Head-office router and need expert advice on which specific configuration I require to achieve this.

interface Loopback0
 ip address 217.18.168.169 255.255.255.248

interface GigabitEthernet0/0
 description connected to ISP
 bandwidth 9000
 ip address 172.29.156.54 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 load-interval 30
 duplex auto
 speed auto
 crypto map CRYPTOMAP

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco****** address 193.232.126.35

crypto ipsec transform-set REM_VPN esp-3des esp-md5-hmac
 mode tunnel

crypto map CRYPTOMAP local-address Loopback0
crypto map CRYPTOMAP 1 ipsec-isakmp
 set peer 193.232.126.35
 set transform-set REM_VPN
 match address SITE-TO-SITE
 reverse-route static

ip nat inside source list NAT interface Loopback0 overload

ip access-list extended SITE-TO-SITE
 permit ip 10.40.1.0 0.0.0.255 10.80.1.0 0.0.0.255

ip access-list extended NAT
 deny   ip 10.40.1.0 0.0.0.255 10.80.1.0 0.0.0.255
 permit ip 10.40.1.0 0.0.0.255 any

Thanks

Shahzad

3 Replies

Francesco Molino
VIP Alumni

Hi

For doing Client VPN on the same router on which you're doing site-to-site VPN, I will not put all the commands right here but will redirect you to a link from Cisco explaining how to implement it:

http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/20982-ipsecrouter-vpn.html

However, if you have issues, I would be able to help with troubleshooting.

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thanks for your reply.

I wrote some steps after looking at the document you referred to; please review them and advise.

aaa new-model
!
aaa authentication login userauthen local

aaa authorization network groupauthor local
aaa session-id common

username cisco password 0 cisco


crypto isakmp client configuration group CLIENT-VPN
 key cisco123
 dns 10.100.9.5
 domain local.*****.com
 pool ippool
!
crypto dynamic-map dynmap 10
 set transform-set REM_VPN
 reverse-route
!

crypto map CRYPTOMAP client authentication list userauthen
crypto map CRYPTOMAP isakmp authorization list groupauthor
crypto map CRYPTOMAP client configuration address initiate
crypto map CRYPTOMAP client configuration address respond

crypto map CRYPTOMAP 10 ipsec-isakmp dynamic dynmap

ip local pool ippool 10.100.20.100 10.100.20.254

Thanks

Shahzad

It looks OK.

PS: Please don't rate and mark as correct answer if this solved your issue


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
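
An added check, not part of any post in this thread: it evaluates the two ACLs posted in the question against the flows the question describes, to show which flows the crypto ACL SITE-TO-SITE and the NAT ACL actually match. The ACL lines and the pool address are copied from the posts; the function names and the sample host addresses are this example's own.

```python
import ipaddress

# ACLs copied from the head-office configuration posted in the thread.
ACLS = {
    "SITE-TO-SITE": ["permit ip 10.40.1.0 0.0.0.255 10.80.1.0 0.0.0.255"],
    "NAT": ["deny ip 10.40.1.0 0.0.0.255 10.80.1.0 0.0.0.255",
            "permit ip 10.40.1.0 0.0.0.255 any"],
}

def _spec(tokens):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0, tokens[2:]
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1])), tokens[2:])

def _hit(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def acl_action(name, src, dst):
    """First-match evaluation of an extended 'ip' ACL; implicit deny at the end."""
    for line in ACLS[name]:
        action, _proto, *rest = line.split()
        sbase, swild, rest = _spec(rest)
        dbase, dwild, _ = _spec(rest)
        if _hit(src, sbase, swild) and _hit(dst, dbase, dwild):
            return action
    return "deny"

# Constructed sample hosts: one per subnet named in the thread
# (CLIENT is the first address of the posted pool "ippool").
HQ, BRANCH, CLIENT = "10.40.1.10", "10.80.1.10", "10.100.20.100"
FLOWS = {"hq->branch": (HQ, BRANCH), "client->branch": (CLIENT, BRANCH),
         "hq->client": (HQ, CLIENT)}

def report():
    """Return {flow: {acl_name: action}} for every sample flow."""
    return {name: {acl: acl_action(acl, s, d) for acl in ACLS}
            for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for flow, result in report().items():
        print(f"{flow:15} {result}")
```

The `client->branch` flow comes back `deny` for SITE-TO-SITE, so the posted crypto ACL does not select traffic from the client pool for the existing tunnel, and `hq->client` comes back `permit` for NAT, so replies from the head-office LAN to VPN clients match the overload rule.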