Below is the basic configuration for remote access using Cisco VPN software.
! IKE (ISAKMP) phase 1
crypto isakmp enable
crypto logging session
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 10
crypto isakmp nat keepalive 20
crypto isakmp xauth timeout 90
! Easy VPN client group
crypto isakmp client configuration group remote-vpn
 key nopassword
 dns 192.168.2.1
 domain cisco877.local
 max-users 10
 max-logins 10
 pool remote-pool
 ! this is split tunneling control
 acl 150
 save-password
! IPsec phase 2
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
crypto ipsec security-association idle-time 3600
crypto dynamic-map remote-dyn 10
 set transform-set VPN-CLI-SET
 reverse-route
 exit
crypto map remotemap local-address dialer0
crypto map remotemap client authentication list userauthen
crypto map remotemap isakmp authorization list groupauthor
crypto map remotemap client configuration address respond
crypto map remotemap 65535 ipsec-isakmp dynamic remote-dyn
! Local AAA for Xauth users and group authorization
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
! Address pool handed out to VPN clients
ip local pool remote-pool 192.168.3.210 192.168.3.220
no access-list 150
access-list 150 remark *** ACL split tunnel ***
access-list 150 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
no access-list 101
access-list 101 remark *** ACL nonat ***
! for hub site initiated traffic
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
ip nat inside source list 101 interface Dialer0 overload
interface dialer0
 crypto map remotemap
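An added example, not part of the original post: a Python check that flags the legacy cryptographic choices in a configuration like the one above (3DES, MD5, DH groups 1/2/5, save-password, a short group key). The rule set, the MIN_KEY_LEN threshold and the keyword-based section tracking are assumptions of this example.

```python
import re

# Constructed sample: the crypto-related lines of the configuration above.
SAMPLE = """\
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group remote-vpn
key nopassword
save-password
crypto ipsec transform-set VPN-CLI-SET esp-3des esp-md5-hmac
"""

MIN_KEY_LEN = 20  # threshold chosen for this example, not a Cisco limit
TOP_LEVEL = ("crypto ", "aaa ", "ip ", "access-list ", "interface ", "no ")
POLICY = "crypto isakmp policy"
GROUP = "crypto isakmp client configuration group"
RULES = [  # (section prefix, regex on the line, finding template)
    (POLICY, r"^encr\w* (3?des)\b", "IKE cipher {} is deprecated"),
    (POLICY, r"^hash (md5)\b", "IKE hash {} is deprecated"),
    (POLICY, r"^group ([125])$", "DH group {} is below 2048 bits"),
    (GROUP, r"^(save-password)$", "{} lets clients store the Xauth password"),
    ("crypto ipsec transform-set", r"\besp-(3?des|md5-hmac)\b",
     "ESP transform esp-{} is deprecated"),
]


def audit(config):
    """Return (line_number, finding) tuples for weak VPN settings."""
    findings, section = [], ""
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(TOP_LEVEL):
            section = line  # sub-commands that follow belong to this section
        for prefix, pattern, template in RULES:
            if section.startswith(prefix):
                for match in re.finditer(pattern, line):
                    findings.append((number, template.format(match.group(1))))
        key = re.match(r"key (\S+)$", line)
        if key and section.startswith(GROUP) and len(key.group(1)) < MIN_KEY_LEN:
            # Report the length only, so the secret never lands in the report.
            findings.append((number, f"group key has only {len(key.group(1))} characters"))
    return findings
```

Calling `audit(SAMPLE)` returns seven findings, two of them for the transform-set line; a `group 2` line outside an ISAKMP policy section is ignored.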
Good to know that you like it.