December 2006
Intermediate to advanced
1188 pages
72h 8m
English
You want to make a VPN from a remote workstation to a router.
There are several steps to configuring a router to accept IPSec VPN connections from remote PCs. The following discussion doesn’t include requirements for the PC’s software configuration, just the router’s configuration. You should refer to the software vendor’s documentation for information about configuring the workstation software:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#aaa new-model
Router1(config)#aaa authentication login default group tacacs+
Router1(config)#aaa authentication enable default group tacacs+
Router1(config)#tacacs-server host 172.25.1.1
Router1(config)#tacacs-server key COOKBOOK
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#encryption 3des
Router1(config-isakmp)#authentication pre-share
Router1(config-isakmp)#group 2
Router1(config-isakmp)#exit
Router1(config)#crypto ipsec transform-set VPN-TRANSFORMS ah-sha-hmac esp-sha-hmac esp-3des
Router1(cfg-crypto-trans)#mode tunnel
Router1(cfg-crypto-trans)#exit
Router1(config)#crypto dynamic-map VPN-USER-MAP 50
Router1(config-crypto-map)#description A dynamic crypto map for VPN users
Router1(config-crypto-map)#match address 115
Router1(config-crypto-map)#set transform-set VPN-TRANSFORMS
Router1(config-crypto-map)#exit
Router1(config)#access-list 115 deny any 224.0.0.0 35.255.255.255
Router1(config)#access-list ...
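An added example, not part of the book's recipe: a short Python check that reads IOS configuration text and flags the IKE policy and transform-set choices that a present-day review would treat as legacy. The weak-algorithm lists and the function name `audit_ios_vpn` are assumptions of this example, and the sample input is constructed from the commands shown above.

```python
import re

# Assumed review baseline (not from the original page): ciphers and
# Diffie-Hellman groups that a present-day review treats as legacy.
WEAK_CIPHERS = {"des", "3des"}
WEAK_DH_GROUPS = {1, 2, 5}

# Constructed sample: the IKE and IPsec commands from the recipe above.
SAMPLE_CONFIG = """\
aaa new-model
crypto isakmp policy 10
 encryption 3des
 authentication pre-share
 group 2
crypto ipsec transform-set VPN-TRANSFORMS ah-sha-hmac esp-sha-hmac esp-3des
 mode tunnel
crypto dynamic-map VPN-USER-MAP 50
 match address 115
 set transform-set VPN-TRANSFORMS
"""

def audit_ios_vpn(config):
    """Return (context, finding) tuples for legacy IKE/IPsec settings."""
    findings, context = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):  # a top-level command resets the context
            m = re.match(r"crypto isakmp policy (\d+)$", raw)
            context = f"isakmp policy {m.group(1)}" if m else None
            ts = re.match(r"crypto ipsec transform-set (\S+) (.+)$", raw)
            for t in (ts.group(2).split() if ts else []):
                if t.startswith("esp-") and t[4:] in WEAK_CIPHERS:
                    findings.append((f"transform-set {ts.group(1)}", f"legacy cipher {t}"))
        elif context and len(words) > 1:
            # a saved configuration may show "encr" rather than "encryption"
            if words[0] in ("encr", "encryption") and words[1] in WEAK_CIPHERS:
                findings.append((context, f"legacy cipher {words[1]}"))
            elif words[0] == "group" and words[1].isdigit() and int(words[1]) in WEAK_DH_GROUPS:
                findings.append((context, f"weak DH group {words[1]}"))
    return findings
```

Calling `audit_ios_vpn(SAMPLE_CONFIG)` reports the 3DES cipher in both the ISAKMP policy and the transform set, plus DH group 2.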