06-13-2005 12:23 PM - edited 02-21-2020 01:49 PM
Does anyone have a sample config for a 2811 that they have running over an IPSEC VPN tunnel?
06-14-2005 08:24 AM
06-14-2005 11:02 AM
We will be connecting Via Sprint internet T to our Nortel Contivity 4600. Trying to make a VPN tunnel.
10-20-2005 08:41 PM
Do you have a sample config for client VPN access to the 2811. client VPN 4.0. thanks-
10-20-2005 10:00 PM
aaa new-model
aaa authentication login vpnauthen local
aaa authorization network vpnauthor local
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group vpngroup
key xxxxxxxx
pool vpnpool
acl 130
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
set transform-set vpnset
crypto map vpnmap client authentication list vpnauthen
crypto map vpnmap isakmp authorization list vpnauthor
crypto map vpnmap client configuration address respond
crypto map vpnmap 10 ipsec-isakmp dynamic dynmap
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface Dialer0
ip address
ip nat outside
crypto map flxmap
ip local pool vpnpool 10.1.1.1 10.1.1.10
ip nat inside source route-map nonat interface Dialer0 overload
access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
route-map nonat permit 10
match ip address 101
10-20-2005 10:01 PM
in case split tunneling is not required, then ignore the acl 130.
09-18-2014 12:12 AM
Their network model like this: your company line rental FTTH ISP PPPoE dial with 6 children static ip ip ranges from 106 110 ........ I want to get the static ip ip to the VPN 108 makes the 2811, but his son router configured as the only forum but could not. Expect him to help. Thank you very much
10-21-2005 09:19 AM
Will this config work for a 4.0 VPN client? If so I don't see any place in the VPN client to enter a key (like I see in this 2800 config)-please clarify.
10-21-2005 11:48 PM
it works for vpn client v4.x.
regarding the config:
crypto isakmp client configuration group vpngroup
key xxxxxxxx
pool vpnpool
acl 130
the commnad "key xxxxxxxxx" is the pre-shared key.
10-22-2005 08:49 AM
In VPN client 4.0 I don't see a place to enter the pre-shared key- where do you configure this? Also, the VPN client4.0 asks for a VPNGROUP password but I don't see one on the 2811 configuration. Please clarify.
10-22-2005 08:55 AM
crypto isakmp client configuration group vpngroup
key cisco123
pool vpnpool
acl 130
when configuring the vpn client, under "group authentiction",
name: vpngroup
password: cisco123
confirm password: cisco123
10-22-2005 09:02 AM
Now it all makes sense- thanks so much!
11-03-2005 02:44 AM
just wondering how you go.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide