[c-nsp] 6500 vpn ras
Adam KOSA
adamk at sch.bme.hu
Sat Dec 18 19:56:57 EST 2004
Hi gurus,

I wonder whether it is possible to configure a 6506 to act as a
vpn ras for cisco vpn clients. I've been digging around cisco.com
configs, and I see how to configure the msfc2 for site-to-site vpn. I
don't have fwsm, and as far as I see without it I have no choice but to
use vpdn-group and end up with pptp vpn. Is this true?

The 6506 is a hybrid one, I just updated the ios on the msfc2 to have
crypto commands. All I see is that I'm missing commands for setting up
authentication (radius or local) and stuff like that.

My current (non-working) config for the future vpn is:
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local vpn-pool
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto dynamic-map vpn-dyn-map 10
 set transform-set cisco
!
!
crypto map vpn-map client configuration address initiate
crypto map vpn-map 10 ipsec-isakmp dynamic vpn-dyn-map
[...]
ip local pool vpn-pool 152.66.209.50 152.66.209.60
Thanks for any answers
Adam