04-27-2010 03:03 AM
I've been trying for a while to set up my Cisco 877 router as a VPN server, in order to be able to access my network from the outside.
My goal is to use standard Windows (or Linux) VPN client software to connect, without the need for Cisco VPN Client. Is this possible at all? I'd think so, but I've been unable to make it work.
Also, although I have quite a bit of Cisco routers/switches experience, I'm very confused at the whole crypto/isakmp thing; I've read tons of documentation and tried out some configurations, but I just don't seem to have grasped enough of it.
My goals:
Some details about my configuration:
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
aaa authorization network default local
I can post samples of the various configurations I tried, but I'm not quite sure what is correct and what is not about them, so I'm not posting them for now; I will, if asked.
Can someone please provide me a working configuration for this setup?
Thanks
04-27-2010 07:01 AM
Hi,
I don't have a working config with me, but I hope the link below helps you out.
Regards
04-27-2010 09:15 AM
That covers almost every possible scenario... excluding my one! Amazing
It sure sheds some light... I'll do some other tests.
However, if someone knows how to allow L2TP/IPSEC connections from Windows clients without using the VPN client, I'd appreciate it a lot
04-27-2010 09:38 AM
Hi Massimo,
It sounds like you're looking for this:
However, looking over the config on the link above it seems that they've omitted the local "username" command for PPP authentication. Per the AAA commands, they are doing local user authentication for PPP (which the MS L2TP/IPSec employs). So you would just need to add something like:
username L2TP_User password
HTH,
-Jeff
04-28-2010 02:20 AM
Hi Jeff,
the Cisco site says I can't access that link... even after logging on.
04-28-2010 06:10 AM
It should be able to open up after you login. Try manually searching for it on www.cisco.com after you login. The title is:
"L2TP-IPsec Support for NAT and PAT Windows Clients"
It's part of the official IOS config guide for 15.1 (also exists for other versions of IOS....they all should be the same article).
Let me know if this helps.
Thanks,
-Jeff
04-28-2010 06:18 AM
Pretty tough request yours lol ...
I guess you can use webvpn, which is deployed in the following ways:
Clientless SSL VPN (WebVPN)—Provides a remote client that requires an SSL-enabled Web browser to access HTTP or HTTPS Webservers on a corporate local-area network
http://cisco.com/en/US/products/ps6496/products_configuration_example09186a008071c58b.shtml
Thin-Client SSL VPN (Port Forwarding)—Provides a remote client that downloads a small Java-based applet and allows secure access for Transmission Control Protocol (TCP) applications that use static port numbers. Point of presence (POP3), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), secure shell (ssh), and Telnet are examples of secure access. Because files on the local machine change, users must have local administrative privileges to use this method. This method of SSL VPN does not work with applications that use dynamic port assignments, such as some file transfer protocol (FTP) applications.
http://cisco.com/en/US/products/ps6496/products_configuration_example09186a008072aa61.shtml
SSL VPN Client (SVC Full Tunnel Mode)—Downloads a small client to the remote workstation and allows full secure access to resources on an internal corporate network. You can download the SVC to a remote workstation permanently, or you can remove the client once the secure session is closed.
http://cisco.com/en/US/products/ps6496/products_configuration_example09186a0080720346.shtml
These are the only ways to do VPN server w/out the Cisco VPN client. Since you have the new model I'm 99,99% sure you can pick any method and it will work fine.
I personally don't like the webvpn but in some cases they are the only way to access the remote.