Initially we’ll start by setting up a local account on the Cisco router itself to use for VPN client authentication. Ip nat inside source list NAT interface FastEthernet0/0 overload I’m using an extended access list to permit NAT traffic, this will be important later because we’ll need disable NAT between the internal interface and the IP address pool that our VPN clients will use. Basically I’ve assigned IP addresses to the interfaces, configured the default route, and activated NAT. Here is my starting configuration of the router.
Here is my network diagram, pretty basic configuration with an external and an internal network: The router is also configured with NAT overload for the internal network.
I have set up my Cisco router with two interfaces, FastEthernet0/0 and FastEthernet0/1. I have tested this configuration and it does work on a physical router, however. I’ve had some difficulties with IPsec and the Dynamips emulator, the VPN connection will start and work for a short time but then the connection will freeze.
#CISCO IPSEC VPN CLIENT AGGRESSIVE MODE CONFIGURE 2900 SOFTWARE#
In this example I will make use of the fantastic GNS3/ Dynamips software for router emulation. Cisco now has a feature called EasyVPN that allows us to specify client configuration on the server and minimize direct configuration of the VPN on the client.
However, the security vulnerabilities of the PPTP protocol have been well documented. Traditionally PPTP has been extensively used as a VPN because of it’s simplicity of configuration, especially on the client side. IPsec is a suite of protocols that provides for authentication and encryption of packets. In this article I’ll walk through the configuration of the IOS on a Cisco router to support remote access IPsec VPN connections.
0 kommentar(er)
