Configuring Cisco 871W as VPN-Server

martin.loose · ‎03-02-2006

Hi,

i've just trying to configure an Cisco 871W as VPN-Server for a couple of clients. The Router is placed behind our default gateway and will have a fix ip.

1. are there any sample configs (IOS 12.3(8)Y3) available to tryout and study ?

2. i need a basic configuration to get ssh-access to the router from the internet. At the moment i try to set the wan-interface as public (with the public ip) and vlan1 as private) -> it dowsn't work propperly yet. :( - are there any standards to follow or is this just the way of choice ?

kind regards, martin

spremkumar · ‎03-02-2006

hi

hope this helps..

http://cisco.com/en/US/products/sw/iosswrel/ps5187/prod_configuration_guide09186a008017d583.html

regds

m.sir · ‎03-03-2006

1)

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008055c37a.html

its for 12.2T but is should be same for 12.3(8)

2)SSH

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Hope that helps

martin.loose · ‎03-04-2006

thanks für your advice :)

i'm downloading the manuals atm and try them out just when i'm back in the office

jackko · ‎03-04-2006

please excuse me for following the entire conversation.

nonetheless, below are the sample codes for remote vpn:

aaa new-model

aaa authentication login vpnauthen local

aaa authorization network vpnauthor local

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration group vpngroup

key xxxxxxxx

pool vpnpool

acl 130

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10

set transform-set vpnset

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

interface Dialer0

ip address

ip nat outside

crypto map vpnmap

ip local pool vpnpool 10.1.1.1 10.1.1.10

ip nat inside source route-map nonat interface Dialer0 overload

access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

route-map nonat permit 10

match ip address 101

below are the sampel codes for ssh:

hostname router

ip domain-name yourcompany.com

crypto key generate rsa

1024

line vty 0 4

transport input telnet ssh

username cisco password cisco123

aaa new-model

Configuring Cisco 871W as VPN-Server

回复：【原创】ASA做SSL VPN server 导入公网证书

Help, configuring RIP

Cisco Secure Firewall (FTD) - How To

Cisco HCI with Nutanix – How To

Cisco Catalyst SD-WAN How To

Configuring Cisco 871W as VPN-Server

回复： 【原创】ASA做SSL VPN server 导入公网证书

Help, configuring RIP

Cisco Secure Firewall (FTD) - How To

Cisco HCI with Nutanix – How To

Cisco Catalyst SD-WAN How To

回复：【原创】ASA做SSL VPN server 导入公网证书