VPN server (Newbie)

c
Level 1

Hello,

I'm configuring a Cisco 1712 as an Easy VPN server, but something is wrong or missing. This is what I've got so far. Any idea what I'm missing?

!This is the running config of the router: 192.168.2.252

!----------------------------------------------------------------------------

!version 12.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname TESTVPN

!

security authentication failure rate 3 log

security passwords min-length 6

logging queue-limit 100

logging buffered 51200 debugging

logging console critical

!

username *********** privilege 15 password 7 **************

aaa new-model

!

!

aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authentication login sdm_vpn_xauth_ml_2 local

aaa authorization exec default local

aaa authorization network sdm_vpn_group_ml_1 local

aaa authorization network sdm_vpn_group_ml_2 local

aaa session-id common

ip subnet-zero

no ip source-route

!

!

ip tcp synwait-time 10

!

!

no ip bootp server

ip cef

ip audit notify log

ip audit po max-events 100

ip ssh time-out 60

ip ssh authentication-retries 2

no ftp-server write-enable

!

!

!

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp policy 3

encr 3des

group 2

!

crypto isakmp client configuration group TESTVPN

pool SDM_POOL_1

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

!

crypto dynamic-map SDM_DYNMAP_1 1

set transform-set ESP-3DES-SHA1

reverse-route

!

!

crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2

crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2

crypto map SDM_CMAP_1 client configuration address respond

crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1

!

!

!

!

interface Null0

no ip unreachables

!

interface BRI0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

shutdown

!

interface FastEthernet0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

shutdown

duplex auto

speed auto

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

shutdown

!

interface FastEthernet3

no ip address

shutdown

!

interface FastEthernet4

no ip address

shutdown

!

interface Vlan1

ip address 192.168.2.252 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

crypto map SDM_CMAP_1

!

ip local pool SDM_POOL_1 192.168.2.50 192.168.2.75

ip classless

ip http server

ip http authentication local

ip http secure-server

!

!

logging trap debugging

no cdp run

!

radius-server authorization permit missing Service-Type

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!

^C

!

line con 0

line aux 0

line vty 0 4

transport input ssh

!

scheduler allocate 4000 1000

scheduler interval 500

!

end

Thank you.

Gunther.

3 Replies

jay_colby
Level 1

There is no key in...

crypto isakmp client configuration group TESTVPN

This is like the isakmp key or group password. Here is a sample link.

http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_configuration_example09186a0080095106.shtml

Added the key, and now if I do the Easy VPN Server test, everything works fine. But I can't make a VPN connection from my PC. How do I add users to the security group I created?

Thank you,

Gunther.

reswaran
Cisco Employee

You can add user accounts by giving "username password "

Ravikumar
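
The two points raised in the replies (the missing group key under `crypto isakmp client configuration group`, and the local `username` accounts that the Xauth list relies on) can be checked mechanically before testing with a client. The Python below is an added example, not part of the original thread or any Cisco tool; the function names, the sample user `vpnuser`, and the rule that a stanza ends at a `!` line or the next `crypto ` line are assumptions.

```python
import re
from itertools import takewhile

# Constructed sample, cut down from the configuration posted in the thread.
SAMPLE = """\
username vpnuser password 7 <redacted>
aaa authentication login sdm_vpn_xauth_ml_2 local
crypto isakmp client configuration group TESTVPN
 pool SDM_POOL_1
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
ip local pool SDM_POOL_1 192.168.2.50 192.168.2.75
"""

def stanzas(config, header_re):
    """Yield (name, sub-commands) for each stanza whose header matches header_re.
    Assumption: a stanza ends at a '!' line or the next 'crypto ' line, so this
    also works on pasted configs that lost their indentation."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.match(header_re, line)
        if m:
            body = takewhile(lambda s: s != "!" and not s.startswith("crypto "), lines[i + 1:])
            yield m.group(1), list(body)

def audit_ezvpn(config):
    """Return findings for an IOS Easy VPN server config (running-config text)."""
    findings = []
    for group, body in stanzas(config, r"crypto isakmp client configuration group (\S+)$"):
        # Each client group needs its own group key (the group "password").
        if not any(s.startswith("key ") for s in body):
            findings.append(f"group {group}: no 'key' (group pre-shared key) configured")
        for pool in (s.split()[1] for s in body if s.startswith("pool ")):
            if f"ip local pool {pool} " not in config:
                findings.append(f"group {group}: pool {pool} is not defined")
    # Xauth: the list named on the crypto map must exist; 'local' needs local users.
    has_users = re.search(r"^\s*username \S+", config, re.M) is not None
    for m in re.finditer(r"^\s*crypto map \S+ client authentication list (\S+)", config, re.M):
        methods = re.search(rf"^\s*aaa authentication login {re.escape(m.group(1))} (.+)$", config, re.M)
        if methods is None:
            findings.append(f"xauth list {m.group(1)} is not defined")
        elif "local" in methods.group(1).split() and not has_users:
            findings.append(f"xauth list {m.group(1)} is 'local' but no 'username' accounts exist")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ezvpn(SAMPLE)) or "no findings")
```

Run against the sample, it reports only the missing group key, which is the condition the first reply identified.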