How to setup vpn server on cisco router

Find out What's Going On

Solved: setup vpn connection with cisco 2821 ro... - cisco support community

    Hello,
    here is some configuration of the test router
    without "certification part".
    If you need only preshared key, it would be better
    to use some cisco examples.
    Good luck to you.
    Peter S.


    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname cisco28
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 128000
    enable secret 5 $1$wgM4$hnI4TqvqWv8EwjDWUgsjQ1
    enable password something
    !
    aaa new-model
    !
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa authorization exec default local
    aaa authorization network sdm_vpn_group_ml_1 local
    !
    aaa session-id common
    !
    dot11 syslog
    no ip source-route
    !
    ip cef
    !
    no ip bootp server
    ip domain name firma.com
    ip host client-vpn 10.1.1.133
    ip name-server 10.1.1.33
    !
    multilink bundle-name authenticated
    !
    license udi pid CISCO2821 sn FCZ012345KM
    username user1 password 0 kamil1
    username spravce privilege 15 password 0 kamil15
    username user2 password 0 kamil2
    !
    redundancy
    !
    crypto ikev2 diagnose error 50
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp policy 3
    encr 3des
    group 2
    !
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    !
    crypto isakmp policy 20
    encr 3des
    hash md5
    group 2
    !
    crypto isakmp client configuration group Group159
    key Key159Key
    pool SDM_POOL_1
    acl 100
    !
    crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac
    !
    crypto dynamic-map SDM_DYNMAP_1 1
    set transform-set 3DES-MD5
    reverse-route
    !
    crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
    crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
    crypto map SDM_CMAP_1 client configuration address respond
    crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
    !
    interface Loopback10
    description For VPN Client
    ip address 192.168.201.1 255.255.255.0
    !
    interface GigabitEthernet0/0
    description $FW_OUTSIDE$
    ip address 10.1.1.220 255.255.255.0
    duplex auto
    speed auto
    crypto map SDM_CMAP_1
    !
    interface GigabitEthernet0/1
    description $ETH-LAN$$FW_INSIDE$
    ip address 192.168.220.1 255.255.255.0
    duplex auto
    speed auto
    !
    ip local pool SDM_POOL_1 192.168.200.1 192.168.200.10
    ip forward-protocol nd
    ip http server
    ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0 10.1.1.1
    !
    access-list 10 remark Prisup na router
    access-list 10 remark Pristup na router
    access-list 10 permit 10.1.1.0 0.0.0.255
    access-list 10 permit 192.168.201.0 0.0.0.255
    access-list 10 permit 192.168.200.0 0.0.0.255
    access-list 100 remark SDM_ACL Category=4
    access-list 100 permit ip 192.168.201.0 0.0.0.255 192.168.200.0 0.0.0.255
    no cdp run
    !
    control-plane
    !
    line con 0
    line aux 0
    line vty 0 4
    access-class 10 in
    exec-timeout 3600 0
    password kamil
    transport input all
    !
    scheduler allocate 20000 1000
    ntp server 10.1.1.1
    !
    webvpn context Default_context
    ssl authenticate verify all
    !
    no inservice
    !
    end

News How to setup vpn server on cisco router