04-20-2009 09:32 AM
Hi,
I have a 877 Router with software version 12.4(15)T7. We have several users that want to VPN into site. Can you point me to a doc that explains how to setup the VPN on the 877 Router?
I have a telnet connection to the 877 and therefore, will need to perform work over CLI instead of SDM.
Thanks,
04-20-2009 10:12 AM
see the below config example:-
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949db.shtml
HTH>
04-20-2009 01:09 PM
I've created the config. However, I get Invalid SPI size (PayloadNotify:116) error on vpn client.
here is config:
mhsrtr#sh runn
Building configuration...
Current configuration : 6198 bytes
!
! Last configuration change at 15:54:03 CDT Mon Apr 20 2009 by admin
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mhsrtr
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login rtr-remote local
!
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
!
crypto pki trustpoint TP-self-signed-2419240079
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2419240079
revocation-check none
rsakeypair TP-self-signed-2419240079
!
!
!
no ip domain lookup
ip domain name xxxx
ip name-server xxxx
ip name-server xxxx
!
multilink bundle-name authenticated
!
!
username admin privilege 15 secret 5 $1$C6Dr$kCtbvShoEGvolf4xnZzrx.
username xxxx password 0 xxxx
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 480
!
crypto isakmp client configuration group rtr-remote
key xxxx
dns x.x.x.x
domain xxxx
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
!
crypto ipsec client ezvpn ezvpnclient
connect auto
group ezvpnclient key xxxx
mode client
peer xxxx
xauth userid mode interactive
!
!
crypto dynamic-map dynmap 1
set transform-set vpn1
reverse-route
!
!
crypto map dynmap isakmp authorization list rtr-remote
crypto map dynmap client configuration address respond
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
ip virtual-reassembly
no atm ilmi-keepalive
dsl operating-mode auto
crypto ipsec client ezvpn ezvpnclient
!
interface ATM0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
crypto map static-map
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer0
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp pap sent-username xxxx password 0 xxxx
!
ip local pool vpn_addr_pool 192.168.11.10 192.168.11.20
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
mhsrtr#
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide