Re: OT: L2TP/IPSEC configuration, Windows XP clients (using

From: Nauman Habib (mrnauman@gmail.com)
Date: Mon Aug 25 2008 - 03:54:37 ART


Lab 9

Remote VPN

A(config)# AAA new-model // enable AAA feature

A(config)# username nauman password nauman // create a user having name haroon with password cisco

A(config)# AAA authentication login default local // do authentication for the users locally

A(config)# AAA authorization network abc local // do authorization for users locally

A(config)# crypto isakmp policy 10 // create a policy of number 10

A(config-isakmp)# authentication pre-share // use authentication pre-share

A(config-isakmp)# hash md5 // use hash md5

A(config-isakmp)# encryption des // use encryption des

A(config-isakmp)# group 2 // use group 2

A(config-isakmp)# exit

A(config)# crypto isakmp key cisco address 0.0.0.0 // create isakmp peer for any user

A(config)# crypto ipsec transform-set tset esp-des esp-md5-hmac // create a transform set having name tset with policies esp-des and esp-md5-hmac

A(config)# ip local pool pool1 15.1.1.1 15.1.1.50 // create a pool of IP addresses for remote user

A(config)# crypto isakmp client configuration group abc

A(config-group)# pool pool1 // allowing pool which is pool1

A(config-group)# key cisco // having key cisco

A(config-group)# exit

A(config)# crypto isakmp client configuration address-pool local pool1

A(config)# crypto dynamic-map dmap 5 // create a dynamic map having name dmap5 for binding all the features

A(config-map)# set transform-set tset

A(config-map)# exit

A(config)# crypto map smap 10 ipsec-isakmp dynamic dmap // bind dynamic map with static map

A(config)# crypto map smap client authentication list abc // give the users of abc to static map which is smap

A(config)# crypto map smap isakmp authorization list abc // authorize the users which are defined in abc with static map smap

A(config)# crypto map smap client configuration address respond

A(config)# interface serial 0/0

A(config-if)# crypto map smap // apply static map to the interface

A(config)# ip route 15.0.0.0 255.0.0.0 serial 0 // create a static route for 15.0.0.0 from its s0 interface

On Mon, Aug 25, 2008 at 9:08 AM, darth router <darklordrouter@gmail.com> wrote:

> Anyone have a pretty basic working configuration (like EASY VPN) for this?
> Needs to be dynamic for multiple users to dial in. I've been banging my head
> working on a configuration for hours.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
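
Added example, not part of the original message or of any Cisco tooling: a small Python audit that reads the crypto section of the lab configuration above and reports the settings a reviewer would flag before production use (single DES, MD5, small Diffie-Hellman groups, the wildcard pre-shared key, and the same secret configured twice). The rule list, the `audit` function name and the sample layout are assumptions of this example; the sample is constructed from the commands in the reply.

```python
import re

# Constructed sample: crypto lines from the reply above, in running-config layout.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
crypto isakmp client configuration group abc
 key cisco
crypto ipsec transform-set tset esp-des esp-md5-hmac
"""

# (pattern, finding) pairs, each matched against one stripped config line.
RULES = [
    (r"^encryption des$", "IKE policy encrypts with single DES"),
    (r"^hash md5$", "IKE policy hashes with MD5"),
    (r"^group [125]$", "IKE policy uses a DH group of 1536 bits or less"),
    (r"^crypto isakmp key \S+ address 0\.0\.0\.0\b",
     "wildcard pre-shared key: any source address may use it"),
    (r"^crypto ipsec transform-set \S+ .*\besp-des\b", "transform set encrypts with single DES"),
    (r"^crypto ipsec transform-set \S+ .*\besp-md5-hmac\b", "transform set authenticates with HMAC-MD5"),
]
KEY_RE = re.compile(r"(?:^| )key (\S+)")

def audit(config):
    """Return (line_no, section, finding) tuples for weak IKE/IPsec settings."""
    findings, section, seen_keys = [], "", {}
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():          # unindented line opens a new section
            section = line
        for pattern, finding in RULES:
            if re.search(pattern, line):
                findings.append((no, section, finding))
        m = KEY_RE.search(line)
        if m:
            first = seen_keys.setdefault(m.group(1), no)
            if first != no:               # same secret configured twice
                findings.append((no, section, f"key reuses the secret from line {first}"))
    return findings

if __name__ == "__main__":
    for no, section, finding in audit(SAMPLE_CONFIG):
        print(f"line {no} [{section}]: {finding}")
```

A policy using `encryption aes 256`, `hash sha`, `group 14` and an `esp-aes 256 esp-sha-hmac` transform set produces no findings from these rules.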


This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART