Creating a VPN Between a Workstation and a Router

Problem

You want to make a VPN from a remote workstation to a router.

Solution

There are several steps to configuring a router to accept IPSec VPN connections from remote PCs. The following discussion doesn’t include requirements for the PC’s software configuration, just the router’s configuration. You should refer to the software vendor’s documentation for information about configuring the workstation software:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#aaa new-model
Router1(config)#aaa authentication login default group tacacs+
Router1(config)#aaa authentication enable default group tacacs+
Router1(config)#tacacs-server host 172.25.1.1
Router1(config)#tacacs-server key COOKBOOK
Router1(config)#crypto isakmp policy 10 
Router1(config-isakmp)#encryption 3des 
Router1(config-isakmp)#authentication pre-share 
Router1(config-isakmp)#group 2
Router1(config-isakmp)#exit
Router1(config)#crypto ipsec transform-set VPN-TRANSFORMS ah-sha-hmac esp-sha-hmac esp-3des 
Router1(cfg-crypto-trans)#mode tunnel 
Router1(cfg-crypto-trans)#exit
Router1(config)#crypto dynamic-map VPN-USER-MAP 50                   
Router1(config-crypto-map)#description A dynamic crypto map for VPN users
Router1(config-crypto-map)#match address 115                             
Router1(config-crypto-map)#set transform-set VPN-TRANSFORMS              
Router1(config-crypto-map)#exit
Router1(config)#access-list 115 deny ip any 224.0.0.0 35.255.255.255
Router1(config)#access-list ...
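
The ISAKMP policy and transform set above use 3DES and Diffie-Hellman group 2, which Cisco's current guidance no longer recommends (along with DES, MD5 and DH groups 1 and 5). The following check is an added example, not part of the book's recipe: it scans a pasted configuration session or running-config for those settings. The function name `audit` and the sample text (rebuilt from the lines above) are assumptions of this example.

```python
import re

# Constructed sample: the IKE and transform-set lines of the session above.
SAMPLE = """\
Router1(config)#crypto isakmp policy 10
Router1(config-isakmp)#encryption 3des
Router1(config-isakmp)#authentication pre-share
Router1(config-isakmp)#group 2
Router1(config-isakmp)#exit
Router1(config)#crypto ipsec transform-set VPN-TRANSFORMS ah-sha-hmac esp-sha-hmac esp-3des
"""

PROMPT = re.compile(r"^\S+?\([^)]*\)#\s*")  # strips e.g. "Router1(config-isakmp)#"
# Settings that Cisco's guidance lists as no longer recommended.
WEAK_POLICY = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}


def audit(text):
    """Return (context, setting) pairs for legacy IKE/IPsec choices, in input order."""
    findings, policy = [], None
    for raw in text.splitlines():
        # Works on prompt-prefixed sessions and on indented running-config text.
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            policy = "isakmp policy " + words[3]
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            policy = None
            for transform in words[4:]:
                if transform in WEAK_TRANSFORMS:
                    findings.append(("transform-set " + words[3], transform))
        elif words[0] in ("crypto", "exit", "!"):
            policy = None  # left the ISAKMP policy sub-mode
        elif policy and len(words) >= 2 and words[1] in WEAK_POLICY.get(words[0], ()):
            findings.append((policy, " ".join(words[:2])))
    return findings


if __name__ == "__main__":
    for context, setting in audit(SAMPLE):
        print(f"{context}: {setting}")
```

Settings that appear outside an ISAKMP policy block are ignored, so an unrelated `group` line elsewhere in the configuration is not reported.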
