Menu

Cisco VPN client

Some simple VPN Configuration for the Cisco VPN client application,
including explanation for each step.

authentication groups in will be used for the tunnel
 aaa authentication login auth local
 aaa authorization network auth local

Hash and encription for phase 1, I used 3DES for encryption and SHA1 for hash.
 crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2

enableling nat-t.
  crypto isakmp nat keepalive 10
phase 1 settings
 crypto isakmp client configuration group GROUP-NAME
  key GROUP-KEY
  pool ippool
  acl VPN
  include-local-lan

Phase 2 Hash and encryption settings, i used same as phase 1.
 crypto ipsec transform-set myset esp-3des esp-sha-hmac
 !
 crypto dynamic-map dynmap 10
  set transform-set myset
  reverse-route

The site itself, to be enabled on an interface.
 crypto map clientmap client authentication list auth
 crypto map clientmap isakmp authorization list auth
 crypto map clientmap client configuration address respond
 crypto map clientmap 10 ipsec-isakmp dynamic dynmap

and lastly, add " crypto map clientmap " to the interface intended for the connection
if desired, it's possible to shorten the process by removing the "aaa authentication.."
and it'll remove the username \ password authentication, and the authentication will be by the group name and key only.

Hope this post was helpful, If it was please consider a donation:
BTC Address: 1CnyMpjd1RntRDxSus2hu2aDMyzL4Kj29N
LTC Address: LUqrKbzGihTU2GEnL3EwsuuLHCsxCJMdtR

0 Comments:

Post a Comment