EZVPN server and client on Cisco Routers

by Ras 8. March 2012 17:05

 

EZVPN server configuration example:

 

1- Authentication

! AAA must be enabled before the method lists below are accepted
aaa new-model
aaa authentication login vpn_xauth_ml_1 local
aaa authorization network vpn_group_ml_1 local
!
!

2- VPN Policy (ISAKMP)

!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
!

3- Username

!
username <username> password <password>
!

4- Client Group

!
crypto isakmp client configuration group VPNGROUP
key 123
dns 192.168.1.1
wins 192.168.1.1
pool VPN_POOL_1
!

5- Encryption and hashing

!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!

6- VPN config

!
crypto dynamic-map VPN_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map VPN_CMAP_1 client authentication list vpn_xauth_ml_1
crypto map VPN_CMAP_1 isakmp authorization list vpn_group_ml_1
crypto map VPN_CMAP_1 client configuration address respond
crypto map VPN_CMAP_1 65535 ipsec-isakmp dynamic VPN_DYNMAP_1
!
!
!
interface FastEthernet0/0
ip address 172.16.1.100 255.255.255.0
speed auto
!

7- Assign VPN to the interface

!
interface Serial0/0
ip address 10.1.1.1 255.255.255.0
crypto map VPN_CMAP_1
!

8- IP Pool

!
ip local pool VPN_POOL_1 192.168.1.10 192.168.1.20

 

EZVPN client config:

 

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec client ezvpn EZVPN_CLIENT_1
connect auto
group VPNGROUP key 123
mode client
peer 10.1.1.1
username <username> password <password>
xauth userid mode local
!
!
!
interface FastEthernet0/0
ip address 172.16.1.100 255.255.255.0
speed auto
crypto ipsec client ezvpn EZVPN_CLIENT_1 inside
!
interface Serial0/0
ip address 10.1.1.2 255.255.255.0
crypto ipsec client ezvpn EZVPN_CLIENT_1
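
An added example, not part of the original post: a small Python check that flags the legacy settings used in the two configurations above (3DES, Diffie-Hellman group 2, the three-character group key, and user passwords stored with "password" rather than "secret"). The rule names, the 20-character key threshold and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: security-relevant lines from the server and client
# configs above, unindented as on the page.
SAMPLE = """\
crypto isakmp policy 1
encr 3des
group 2
username <username> password <password>
crypto isakmp client configuration group VPNGROUP
key 123
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec client ezvpn EZVPN_CLIENT_1
group VPNGROUP key 123
username <username> password <password>
"""

WEAK_CIPHERS = {"des", "3des", "esp-des", "esp-3des"}
WEAK_DH_GROUPS = {"1", "2", "5"}  # 768-, 1024- and 1536-bit MODP groups

def audit(config, min_key_len=20):  # 20 is an assumed local policy value
    """Return (line_no, rule) pairs for weak settings in an IOS config."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("!"):
            continue
        if tok[0] in ("crypto", "interface"):
            section = " ".join(tok[:4])  # remember the enclosing stanza
        if tok[0] in ("encr", "encryption") and tok[-1] in WEAK_CIPHERS:
            findings.append((no, "weak-ike-cipher"))
        if (tok[:3] == ["crypto", "ipsec", "transform-set"]
                and WEAK_CIPHERS & set(tok[4:])):  # skip the set's own name
            findings.append((no, "weak-esp-cipher"))
        if (section.startswith("crypto isakmp policy")
                and tok[0] == "group" and tok[-1] in WEAK_DH_GROUPS):
            findings.append((no, "weak-dh-group"))
        m = re.search(r"\bkey (\S+)$", raw.strip())
        if m and len(m.group(1)) < min_key_len:
            findings.append((no, "short-group-key"))
        if tok[0] == "username" and "password" in tok[2:]:
            # inside the ezvpn client stanza this is the saved XAUTH login
            stored = section.startswith("crypto ipsec client ezvpn")
            rule = "saved-xauth-password" if stored else "user-password-not-secret"
            findings.append((no, rule))
    return findings

if __name__ == "__main__":
    for no, rule in audit(SAMPLE):
        print(f"line {no}: {rule}")
```
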

 


About the author

Ras is a network/security professional working in multiple areas, with multiple certificates such as CCNP, CCIP, CCSP, CCSA, CCSE, LPI, PM and IPv6.
