easy vpn
Content
conf t Router(config)#host 3640 . 3640(config)#int s3/0 3640(config-if)#ip add 10.1.1.1 255.25.05 5.255.0 3640(config-if)#no sh 3640(config)#router eigrp 100 3640(config-router)#network 10.1.1.0 3640(config)#int s3/0 3640(config-if)#clock rate 64000 3640(config)#do sh ip int bri Interface IP-Address ocol Ethernet0/0 unassigned Ethernet0/1 Ethernet2/0 Ethernet2/1 Serial3/0 Serial3/1 Serial3/2 Serial3/3 unassigned unassigned unassigned 10.1.1.1 unassigned unassigned unassigned OK? Method Status Prot
YES unset administratively down down YES unset administratively down down YES unset administratively down down YES unset administratively down down YES manual up up
YES unset administratively down down YES unset administratively down down YES unset administratively down down
3640(config)#line vty 0 4 . 3640(config-line)#password cisco 3640(config-line)#login 3640(config-line)#exit
3640(config)#enable password cisco 3640(config)#username sharib priv 15 password cisco /////To run easy vpn server AAA mustbe enabled on the router .to prevent the rou ter getting locked out create a local username to do local authentication.///// 3640(config)#aaa new-model 3640(config)#aaa authentication login default local ////From this pool vpn client can draw ip addresses//// 3640(config)#ip local pool vpnpool 192.168.1.100 192.168.1.200 //This list will authenticate remote users connecting the vpn using the group se t up in their client.
it means here we create the group authorization list///// 3640(config)#aaa authorization network vpnauth local // Create an IKE policy and group/// 3640(config)#crypto isakmp policy 10 3640(config-isakmp)#authentication pre-share 3640(config-isakmp)#encryption aes 256 3640(config-isakmp)#group 2 3640(config-isakmp)#exit
3640(config)#crypto isakmp client configuration group ciscogroup 3640(config-isakmp-group)#key ciscogroup 3640(config-isakmp-group)#pool mypool 3640(config-isakmp-group)#acl 100 3640(config-isakmp-group)#netmask 255.255.255.0
3640(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 any 3640(config)#crypto ipsec transform-set myset esp-3des esp-sha-hmac 3640(cfg-crypto-trans)#exit 3640(config)#crypto dynamic-map mymap 10 3640(config-crypto-map)#set transform-set myset
3640(config-crypto-map)#reverse-route 3640(config-crypto-map)#exit 3640(config)#crypto map mymap client configuration address respond
3640(config)#crypto map mymap isakmp authorization list vpnauth 3640(config)#crypto map mymap 10 ipsec-isakmp dynamic mymap 3640(config)#int s3/0 3640(config-if)#crypto map mymap 3640(config)#crypto isakmp keepalive 30 5 3640(config)#
3640(config)#aaa authentication login vpnauth local 3640(config)#crypto map mymap client authentication list vpnauth
YES unset administratively down down YES unset administratively down down YES unset administratively down down YES unset administratively down down YES manual up up
YES unset administratively down down YES unset administratively down down YES unset administratively down down
3640(config)#line vty 0 4 . 3640(config-line)#password cisco 3640(config-line)#login 3640(config-line)#exit
3640(config)#enable password cisco 3640(config)#username sharib priv 15 password cisco /////To run easy vpn server AAA mustbe enabled on the router .to prevent the rou ter getting locked out create a local username to do local authentication.///// 3640(config)#aaa new-model 3640(config)#aaa authentication login default local ////From this pool vpn client can draw ip addresses//// 3640(config)#ip local pool vpnpool 192.168.1.100 192.168.1.200 //This list will authenticate remote users connecting the vpn using the group se t up in their client.
it means here we create the group authorization list///// 3640(config)#aaa authorization network vpnauth local // Create an IKE policy and group/// 3640(config)#crypto isakmp policy 10 3640(config-isakmp)#authentication pre-share 3640(config-isakmp)#encryption aes 256 3640(config-isakmp)#group 2 3640(config-isakmp)#exit
3640(config)#crypto isakmp client configuration group ciscogroup 3640(config-isakmp-group)#key ciscogroup 3640(config-isakmp-group)#pool mypool 3640(config-isakmp-group)#acl 100 3640(config-isakmp-group)#netmask 255.255.255.0
3640(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 any 3640(config)#crypto ipsec transform-set myset esp-3des esp-sha-hmac 3640(cfg-crypto-trans)#exit 3640(config)#crypto dynamic-map mymap 10 3640(config-crypto-map)#set transform-set myset
3640(config-crypto-map)#reverse-route 3640(config-crypto-map)#exit 3640(config)#crypto map mymap client configuration address respond
3640(config)#crypto map mymap isakmp authorization list vpnauth 3640(config)#crypto map mymap 10 ipsec-isakmp dynamic mymap 3640(config)#int s3/0 3640(config-if)#crypto map mymap 3640(config)#crypto isakmp keepalive 30 5 3640(config)#
3640(config)#aaa authentication login vpnauth local 3640(config)#crypto map mymap client authentication list vpnauth
