How to configure VPN on a Cisco 2811

davisbg5151 · ‎06-13-2005

Does anyone have a sample config for a 2811 that they have running over an IPSEC VPN tunnel?

aacole · ‎06-14-2005

The 2800 series run IOS 12.3, so this should do for a starter.

Let me know how you get on.

Andy

davisbg5151 · ‎06-14-2005

We will be connecting Via Sprint internet T to our Nortel Contivity 4600. Trying to make a VPN tunnel.

michael murphy · ‎10-20-2005

Do you have a sample config for client VPN access to the 2811. client VPN 4.0. thanks-

jackko · ‎10-20-2005

aaa new-model

aaa authentication login vpnauthen local

aaa authorization network vpnauthor local

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

crypto isakmp client configuration group vpngroup

key xxxxxxxx

pool vpnpool

acl 130

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

crypto dynamic-map dynmap 10

set transform-set vpnset

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

interface Dialer0

ip address

ip nat outside

crypto map flxmap

ip local pool vpnpool 10.1.1.1 10.1.1.10

ip nat inside source route-map nonat interface Dialer0 overload

access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 130 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

route-map nonat permit 10

match ip address 101

jackko · ‎10-20-2005

in case split tunneling is not required, then ignore the acl 130.

caodinhko · ‎09-18-2014

Their network model like this: your company line rental FTTH ISP PPPoE dial with 6 children static ip ip ranges from 106 110 ........ I want to get the static ip ip to the VPN 108 makes the 2811, but his son router configured as the only forum but could not. Expect him to help. Thank you very much

michael murphy · ‎10-21-2005

Will this config work for a 4.0 VPN client? If so I don't see any place in the VPN client to enter a key (like I see in this 2800 config)-please clarify.

jackko · ‎10-21-2005

it works for vpn client v4.x.

regarding the config:

crypto isakmp client configuration group vpngroup

key xxxxxxxx

pool vpnpool

acl 130

the commnad "key xxxxxxxxx" is the pre-shared key.

michael murphy · ‎10-22-2005

In VPN client 4.0 I don't see a place to enter the pre-shared key- where do you configure this? Also, the VPN client4.0 asks for a VPNGROUP password but I don't see one on the 2811 configuration. Please clarify.

jackko · ‎10-22-2005

crypto isakmp client configuration group vpngroup

key cisco123

pool vpnpool

acl 130

when configuring the vpn client, under "group authentiction",

name: vpngroup

password: cisco123

confirm password: cisco123

michael murphy · ‎10-22-2005

Now it all makes sense- thanks so much!

jackko · ‎11-03-2005

just wondering how you go.