[c-nsp] VPN Configuration
Paul Stewart
paul at paulstewart.org
Tue Apr 22 08:21:48 EDT 2008
Hi folks... if there is a better place to ask than here please let me
know...;)
I have a Cisco 871 at a client site with a 2 meg connection. We built a
site to site VPN (config below) which works perfectly... now the client
would like 4-5 remote access VPN sessions to be possible. I'm asking the
list before I dive too much into docs on the easiest simple way to setup a
remote access VPN when you already have a site to site configured.... we'd
like to adopt a "cookie cutter" approach for some other client sites in the
near future.... this particular customer has remote computers running Mac
OS/X and PC's running XP/Vista which I understand the Cisco VPN client runs
on both....?
Can someone tell me a good way to configure both on the same router?
Thanks in advance..
Paul
Config:
crypto isakmp policy 10
encr aes 256
authentication pre-share
crypto isakmp key XXXXXXXXXXX address xx.xx.xx.xxx
!
!
crypto ipsec transform-set ts1 ah-sha-hmac esp-aes 256
!
crypto ipsec profile VPN
set transform-set ts1
interface Tunnel0
description xxxxxxxxxxx
ip address 172.16.1.1 255.255.255.252
tunnel source FastEthernet4
tunnel destination xx.xx.xx.xxx
tunnel protection ipsec profile VPN
interface FastEthernet4
description Nexicom Cable
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Vlan1
description Internal LAN
ip address 10.241.41.193 255.255.255.192
ip nat inside
ip virtual-reassembly
ip route 10.241.175.64 255.255.255.192 Tunnel0
ip nat inside source list 102 interface FastEthernet4 overload
access-list 102 deny ip 10.241.41.192 0.0.0.63 10.241.175.64 0.0.0.63
access-list 102 permit ip 10.241.41.192 0.0.0.63 any
More information about the cisco-nsp
mailing list