Moblie

Friday, September 18, 2015

Remote Client VPN on Cisco 800 Router

Cisco Router 891 , Cisco Remote VPN Client


!
interface GigabitEthernet0
 description ** WAN Internet Link ***
 ip address 38.93.235.182 255.255.255.128
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map EXT_MAP
!

interface Vlan1
 ip address 192.168.110.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly in


ip local pool VPN_CLIENT_POOL 192.168.200.20 192.168.200.100
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat inside source route-map NAT_INT interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 38.93.235.254
!
a
access-list 101 deny   ip 192.168.110.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 101 permit ip 192.168.110.0 0.0.0.255 any
access-list 101 permit ip 192.168.111.0 0.0.0.255 any
access-list 101 permit ip 192.168.112.0 0.0.0.255 any
access-list 101 permit ip 192.168.113.0 0.0.0.255 any
access-list 101 deny   ip any any
access-list 110 permit ip 192.168.110.0 0.0.0.255 192.168.200.0 0.0.0.255
!
!
!
!
route-map NAT_INT permit 1
 match ip address 101
!
!

aaa new-model
!
!
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
!
!
username admin privilege 15 password 0 admin2015
username vpnuser secret 5 XXXXXXXX

!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
!
crypto isakmp client configuration group vpnuser
 key admin@2015
 dns 8.8.8.8
 domain turbo.com
 pool VPN_CLIENT_POOL
 acl 110
!

!
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
!
crypto dynamic-map EXT_DYNAMIC_MAP 10
 set transform-set TRANS_3DES_SHA
!
!
crypto map EXT_MAP client authentication list ciscocp_vpn_xauth_ml_1
crypto map EXT_MAP isakmp authorization list ciscocp_vpn_group_ml_1
crypto map EXT_MAP client configuration address respond
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
!
!
!



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)