|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
al
Guest
|
 Posted: Fri Jul 04, 2003 5:17 pm Post subject: VPN using IOS Router |
 |
|
Hi all,
I have this simple config that runs on our PIX 506 for our VPN users (see
below).
How do I configure an IOS Router with IPSEC image to do the same function?
Because there are a little bit of difference on the commands on a router.
Thanks,
Al
access-list 101 permit ip 10.10.15.0 255.255.255.0 10.2.1.0 255.255.255.0
ip local pool vpnuser 10.2.1.50-10.2.1.99
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpnuser address-pool vpnuser
vpngroup vpnuser default-domain mydomain.com
vpngroup vpnuser idle-time 1800
vpngroup vpnuser password mypassword |
|
| Back to top |
|
 |
|
|
Ravikumar Eswaran
Guest
|
| Posted: Mon Jul 07, 2003 10:36 am Post subject: Re: VPN using IOS Router |
|
|
Hi,
Cisco Security Device Manager (Cisco SDM) is there to help you. It simplifies
your router's VPN configuration by using UI wizards. You need not want to
learn the IOS commands for it.
But it supports only a specific set of access routers. Please visit this page
for more info....
http://www.cisco.com/go/sdm
Also let me know if you need any help.
-Ravikumar
al wrote:
| Quote: | Hi all,
I have this simple config that runs on our PIX 506 for our VPN users (see
below).
How do I configure an IOS Router with IPSEC image to do the same function?
Because there are a little bit of difference on the commands on a router.
Thanks,
Al
access-list 101 permit ip 10.10.15.0 255.255.255.0 10.2.1.0 255.255.255.0
ip local pool vpnuser 10.2.1.50-10.2.1.99
nat (inside) 0 access-list 101
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpnuser address-pool vpnuser
vpngroup vpnuser default-domain mydomain.com
vpngroup vpnuser idle-time 1800
vpngroup vpnuser password mypassword |
|
|
| Back to top |
|
|
|
|
