cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

520
Views
0
Helpful
3
Replies
Beginner

Create a VPN for users in the internet to a access server via router

Hi all,

    I am new to VPN.

    My setup diagram is as followed:

                                                  Users PCs

                                                        |

                                                        |

                                                    Internet

                                                        |

                                                        |

                                                g0/1 (10.0.0.2)

                                                  Cisco router

                                            g0/0 (192.168.6.250)   

                                                         |

                                                         |

                                               Server (192.168.6.254)             

  I am required to configure a VPN over the internet for a group of users PCs to access to the server (192.168.6.254).

 

  What should i configure inside my router and also any software need to install for the users pcs? How is the users PCs going to access to this VPN?

   Really appreciate if any experts out there could lend a helping hand.

Thank and Regards,

Raymond

3 REPLIES 3
Beginner

Re: Create a VPN for users in the internet to a access server vi

Hi,

Below would be helpful to you.

http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080819289.shtml
Sent from Cisco Technical Support iPhone App

Beginner

Re: Create a VPN for users in the internet to a access server vi

Hello,

     Thank for providing me the link.

     But i have another enquiry. After i managed to get the cisco VPN client connected up, could the user pc ping the g0/0 and the server ip address? For my case, i cannot ping both the g0/0 and the server ip address.

                   

                                                  Users PCs

                                                        |

                                                        |

                                                    Internet

                                              (gateway 10.0.0.2)

                                                        |

                                                        |

                                              g0/1 (10.0.0.138)

                                                  Cisco router

                                            g0/0 (10.10.10.1)   

                                                         |

                                                         |

                                               Server (10.10.10.4)

Below is my router configuration:

service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Pioneer
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
!
!
aaa session-id common
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip domain name yourdomain.com
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-625968446
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-625968446
revocation-check none
rsakeypair TP-self-signed-625968446
!
!
crypto pki certificate chain TP-self-signed-625968446
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

9F4C591D AC9DA311 042AD539 6652C6C3 67C15E19 2DFF7527 B46474A9 4ADA8DC9
D7F57FDE 1F4FA2DE 3A206C2D 2A9338D0 254B1E72 E98DB6DE BC5B652E B8D0B0DB
6634571E 9325D46C 25BE3EEF 393CD6C4 2D151BB8 03FBE75E C2C9AA10 1696FB07
BC9901D6 C764E91D 735B4628 22
        quit
license udi pid CISCO1941/K9 sn FHK144672KZ
!
!
username cisco secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
username puri password 7 11190C171E
!
redundancy
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group vpnclient
key cisco123
dns 165.21.83.88
domain yourdomain.com
pool ippool
acl 101
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map clientmap
!
ip local pool ippool 192.168.1.1 192.168.1.20
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 111 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 10.0.0.2
!
access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 deny   ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 111 permit ip any any
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end

     Could enlighten me what should i change inside my router?

Regards,

Raymond

Highlighted
Beginner

Re: Create a VPN for users in the internet to a access server vi

HI Raymond.

https://supportforums.cisco.com/thread/2193560

Follow this link. To solve this problem we need to troubleshoot in many ways.

At present please follow this link.

Regards,

Chinnu.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here