Configuring a Client to Site IPSec VPN Tunnel on a Cisco ISR Router

Configuring a Client to Site IPSec VPN Tunnel on a Cisco ISR Router



Help keep us going…

       

This video shows how to configure a client to site IKEv1 IPSec VPN tunnel on a Cisco ISR router

Downloads

Shrew Soft IPSec VPN Client



Don’t Forget to Subscribe on YouTube



Sample Configuration

aaa new-model

aaa authentication login IPSEC_CLIENT_USER_AUTHEN local
aaa authorization network IPSEC_CLIENT_GROUP_AUTHOR local

username USER password 0 PASSWORD

crypto isakmp policy 1
encryption 3des
authentication pre-share
group 2

crypto isakmp client configuration group group1
key cisco1234
dns 10.0.20.13 10.1.25.5
domain domain.com
split-dns domain.com
pool IPSEC_CLIENT_IPPOOL_GROUP1
acl IPSEC_CLIENT_GROUP1

crypto ipsec transform-set TS_CLIENT esp-3des esp-md5-hmac

crypto dynamic-map DM_CLIENT 10
set transform-set TS_CLIENT

crypto map IPSEC_VPN client authentication list IPSEC_CLIENT_USER
crypto map IPSEC_VPN isakmp authorization list IPSEC_CLIENT_GROUP_AUTHOR
crypto map IPSEC_VPN client configuration address respond
crypto map IPSEC_VPN 10 ipsec-isakmp dynamic DM_CLIENT

crypto map IPSEC_VPN_HA client authentication list IPSEC_CLIENT_USER
crypto map IPSEC_VPN_HA isakmp authorization list IPSEC_CLIENT_GROUP_AUTHOR
crypto map IPSEC_VPN_HA client configuration address respond
crypto map IPSEC_VPN_HA 10 ipsec-isakmp dynamic DM_CLIENT

crypto ipsec df-bit clear

ip local pool IPSEC_CLIENT_IPPOOL_GROUP1 10.3.10.5 10.3.10.50

ip access-list extended IPSEC_CLIENT_GROUP1
permit ip 10.0.0.0 0.0.255.255 10.3.10.0 0.0.0.255
permit ip 10.1.0.0 0.0.255.255 10.3.10.0 0.0.0.255

 

Leave a Reply

Your email address will not be published. Required fields are marked *