Help VPN L2l ipsec

atomicgia
Level 1

Hi all, I would like to configure an L2L IPsec VPN for a friend. I have a Cisco 877 router; I configured it, but the VPN doesn't work. Can you help me, please?

Here is my configuration:

Current configuration : 5443 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Laboratorio
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.1.1
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool HostPc
   network 172.16.1.0 255.255.255.0
   default-router 172.16.1.1
   dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool MPLs
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.254
   dns-server 8.8.8.8 8.8.4.4
!
!
!
!
crypto pki trustpoint TP-self-signed-4019649088
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4019649088
revocation-check none
rsakeypair TP-self-signed-4019649088
!
!
crypto pki certificate chain TP-self-signed-4019649088
certificate self-signed 01
  quit
username Manuele privilege 15 secret 5 xxxxxx
username Manu password 0 Gelo
!
!
crypto logging session
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90

!
crypto isakmp client configuration group remote-vpn
key 987bjdwiuhdiq%ihjo
dns 192.168.1.254
wins 192.168.1.254
domain xxxxxxx.it
pool remote-pool
acl 158
save-password
split-dns xxxxxx.it
max-users 5
max-logins 5
!
crypto ipsec security-association idle-time 3600
!
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
!
crypto dynamic-map remote-dyn 10
set transform-set VPN-CLI-SET
!
!
crypto map remotemap local-address Dialer0
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn
!
!
!
interface ATM0
no ip address
ip nat inside
ip virtual-reassembly
no atm ilmi-keepalive
pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 2
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan2
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname xxxxxxxxx-0013C8-t@alicebiz.it
ppp chap password 0 alicenewag
ppp pap sent-username xxxxxxxxx-0013C8-t@alicebiz.it password 0 alicenewag
crypto map remotemap
!
ip local pool remote-pool 192.168.100.0 192.168.110.100
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.100.0 255.255.255.0 Dialer0
!
ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 remark ************************************************************
access-list 101 remark *** ACL PER PAT ***
access-list 101 remark ************************************************************
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 158 remark *** ACL PER SPLIT-TUNNEL DA VPN-CLIENT ***
access-list 158 remark *************************************************************
access-list 158 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 158 remark *************************************************************
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

2 Replies

Hi,

You mentioned that it's an L2L IPsec, but I think it is a remote-access VPN instead?

Do you want to connect remote IPsec clients to the router (remote-access), or connect another site with an IOS router or ASA to this router (L2L)?

If it's a remote access IPsec, please check the following:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml

Hope it helps.


Federico.

Hi Federico, thx for your answer.

Yes, I want to connect a client (Windows 7) using the IPsec VPN configured on the Cisco 877 router, but I don't have a RADIUS server! Can you help me? Can you adjust my configuration, please? Is it possible without a RADIUS server? If not, can you suggest a new type of VPN configuration, please? I can't use a PPTP VPN because my ISP blocks this port!

Thx again
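
An added example, not part of the thread and not Cisco code: a small Python check that lists names the posted configuration references but never defines. The regexes cover only the command forms that appear in this configuration, and `SAMPLE` is a constructed excerpt of it; `undefined_references` is a hypothetical helper name.

```python
import re

# Constructed excerpt: the AAA, crypto-map, pool and ACL lines from the configuration posted above.
SAMPLE = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
crypto isakmp client configuration group remote-vpn
 pool remote-pool
 acl 158
crypto dynamic-map remote-dyn 10
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn
ip local pool remote-pool 192.168.100.0 192.168.110.100
access-list 158 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
"""

# (definition command, regex that finds a reference, regex template for its definition)
CHECKS = [
    ("aaa authentication login", r"^crypto map \S+ client authentication list (\S+)", r"^aaa authentication login {} "),
    ("aaa authorization network", r"^crypto map \S+ isakmp authorization list (\S+)", r"^aaa authorization network {} "),
    ("ip local pool", r"^pool (\S+)", r"^ip local pool {} "),
    ("access-list", r"^acl (\S+)", r"^access-list {} "),
    ("crypto dynamic-map", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)", r"^crypto dynamic-map {} "),
]

def undefined_references(config: str):
    """Return sorted (definition command, name) pairs that are referenced but never defined."""
    lines = [ln.strip() for ln in config.splitlines()]
    missing = set()
    for kind, ref_re, def_tmpl in CHECKS:
        for ln in lines:
            m = re.match(ref_re, ln)
            if not m:
                continue
            name = m.group(1)
            def_re = re.compile(def_tmpl.format(re.escape(name)))
            # Trailing space lets a definition that ends with the name still match.
            if not any(def_re.match(other + " ") for other in lines):
                missing.add((kind, name))
    return sorted(missing)

if __name__ == "__main__":
    for kind, name in undefined_references(SAMPLE):
        print(f"referenced but not defined: {kind} {name}")
```

For the posted configuration it reports the `userauthen` and `groupauthor` method lists, which the crypto map uses but `aaa` never defines. Defining them with the `local` method makes the router check its own `username` entries and client group instead of a RADIUS server.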