Configuring 1720 to work with VPN client

beekerc · ‎04-29-2005

This is probably a simple question, but I'm relatively new to Cisco routers. I know my way around interface configurations and ACL's, but that's about it.

I've got a 1720 running 12.3 with the full features set (IP ADSL FW IDS PLUS IPSEC 3DES) - the firmware image is c1700-k9o3sy7-mz.123-1a.bin. It has two WIC-1ENET's in it. The built-in fast eternet port connects to the private network (192.168.1.x), the WIC1 connects to the DMZ (192.168.2.x) and WIC0 connects to the DSL Modem (Cisco 678).

I'm looking either use Windows IPSec or the Cisco VPN Client v4.6, whichever would allow the most seemless connection of resources across the VPN (ie. domain connection, outlook to exchange server, SQL, file & printer sharing, etc).

I've done Google searches and looked through a number of Cisco VPN documents, but I really can't seem to find anything that says "These are the IOS commands you need to use and why", which would be the most helpful to me.

If you need more specifics, please let me know

Thanks

Brian

thisisshanky · ‎04-29-2005

Brian, you can use the following configs.

crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group VPNClients

key

dns

domain

pool VPN-POOL

!

crypto ipsec transform-set 3DES esp-3des esp-sha-hmac

!

crypto dynamic-map VPN-map 10

set transform-set 3DES

crypto map Dynamic-map client authentication list VPN-CLIENTS

crypto map Dynamic-map isakmp authorization list group-auth

crypto map Dynamic-map client configuration address respond

crypto map Dynamic-map 10 ipsec-isakmp dynamic VPN-map

aaa authentication login VPN-CLIENTS {local|tacacs|radius}

int fa0/0

crypto map Dynamic-map

ip local pool VPN-POOL x.x.x.1 x.x.x.254

Let me know if you have any questions on this.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus