How to configure VPN on a Cisco 2811.

Yesterday, I configured VPN on my Cisco 2811 router. I think it’s a good exercise for me and for you too. P’ Berm, thank you so much for giving me a good suggestion.

1. Enable IP Pool

aoddy-router(config)#ip local pool TEST_VPN_POOL 192.168.0.1 192.168.0.99

2. Enable isakmp protocol

aoddy-router(config)#crypto isakmp enable
aoddy-router(config)#crypto isakmp policy 100
aoddy-router(config-isakmp)#encryption aes # AES – Advanced Encryption Standard.
aoddy-router(config-isakmp)#hash sha
aoddy-router(config-isakmp)#authentication pre-share

pre-share Pre-Shared Key
rsa-encr Rivest-Shamir-Adleman Encryption
rsa-sig Rivest-Shamir-Adleman Signature

aoddy-router(config-isakmp)#group 2

1 Diffie-Hellman group 1
2 Diffie-Hellman group 2
5 Diffie-Hellman group 5

aoddy-router(config-isakmp)#end

3. Create group

aoddy-router#configure terminal
aoddy-router(config)#crypto isakmp client configuration group TEST_VPN_GROUP
aoddy-router(config-isakmp-group)#key passwdgroup

4. Set the DNS server and address pool for clients after they connect to the VPN

aoddy-router(config-isakmp-group)#dns 192.168.0.1
aoddy-router(config-isakmp-group)#pool TEST_VPN_POOL
aoddy-router(config-isakmp-group)#end

5. Create the IPSec transform set.

aoddy-router#configure terminal
aoddy-router(config)#crypto ipsec transform-set VPN_TEST esp-aes esp-sha-hmac
aoddy-router(cfg-crypto-trans)#end

Types of IPSec transform
ah-md5-hmac AH-HMAC-MD5 transform
ah-sha-hmac AH-HMAC-SHA transform
comp-lzs IP Compression using the LZS compression algorithm
esp-3des ESP transform using 3DES(EDE) cipher (168 bits)
esp-aes ESP transform using AES cipher
esp-des ESP transform using DES cipher (56 bits)
esp-md5-hmac ESP transform using HMAC-MD5 auth
esp-null ESP transform w/o cipher
esp-seal ESP transform using SEAL cipher (160 bits)
esp-sha-hmac ESP transform using HMAC-SHA auth

Types of transform for data encryption
128 128 bit keys.
192 192 bit keys.
256 256 bit keys.
ah-md5-hmac AH-HMAC-MD5 transform
ah-sha-hmac AH-HMAC-SHA transform
comp-lzs IP Compression using the LZS compression algorithm
esp-md5-hmac ESP transform using HMAC-MD5 auth
esp-sha-hmac ESP transform using HMAC-SHA auth
<cr>

5. Create a crypto map to support connections from clients.

aoddy-router#configure terminal
aoddy-router(config)#crypto dynamic-map VPN_DYNAMIC 100 # VPN_DYNAMIC = dynamic crypto map template tag
aoddy-router(config-crypto-map)#set transform-set VPN_TEST # VPN_TEST = transform-set (proposal) tag
aoddy-router(config-crypto-map)#reverse-route
aoddy-router(config-crypto-map)#end

6. Set the authentication type

aoddy-router#configure terminal
aoddy-router(config)#aaa new-model
aoddy-router(config)#aaa authentication login VPN_AUTHEN local
aoddy-router(config)#aaa authorization network VPN_AUTHEN local

7. Apply authentication and authorization to the crypto map

aoddy-router(config)#crypto map VPN_CM client configuration address respond
aoddy-router(config)#crypto map VPN_CM isakmp authorization list VPN_AUTHEN
aoddy-router(config)#crypto map VPN_CM client authentication list VPN_AUTHEN
aoddy-router(config)#crypto map VPN_CM 65535 ipsec-isakmp dynamic VPN_DYNAMIC

8. Set dead peer detection

aoddy-router(config)#crypto isakmp keepalive 30 5

9. Set the timeout for entering the password

aoddy-router(config)#crypto isakmp xauth timeout 30

10. Add user

aoddy-router(config)#username aoddy password aoddy
aoddy-router(config)#end

11. Map config to interface

aoddy-router#configure terminal
aoddy-router(config)#interface serial 0/0/0
aoddy-router(config-if)#crypto map VPN_CM
aoddy-router(config-if)#end
aoddy-router#write

Perfect !!
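
An added example, not part of the original post: a small Python check that reads a pasted IOS session like the one above and reports the older algorithm and credential choices entered in it (DH groups 1, 2 and 5, an MD5 or SHA-1 IKE hash, DES/3DES, weak transforms, `username ... password`). The sample session is constructed from the commands in the steps above, and the function names `check` and `audit` are this example's own.

```python
import re

# Constructed sample: commands from the steps above plus one help-output line.
SAMPLE = """\
aoddy-router(config)#crypto isakmp policy 100
aoddy-router(config-isakmp)#encryption aes # AES - Advanced Encryption Standard.
aoddy-router(config-isakmp)#hash sha
aoddy-router(config-isakmp)#group 2
esp-des ESP transform using DES cipher (56 bits)
aoddy-router(config)#crypto ipsec transform-set VPN_TEST esp-aes esp-sha-hmac
aoddy-router(config)#username aoddy password aoddy
"""

PROMPT = re.compile(r"^[\w.-]+(?:\([\w-]+\))?#\s*(.*)$")
DH_BITS = {"1": 768, "2": 1024, "5": 1536}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}

def check(cmd):
    """Return the findings for one entered command."""
    w = cmd.split()
    out = []
    if len(w) == 2 and w[0] == "group" and w[1] in DH_BITS:
        out.append(f"DH group {w[1]} is a {DH_BITS[w[1]]}-bit MODP group")
    if len(w) == 2 and w[0] == "hash" and w[1] in ("md5", "sha"):
        out.append("IKE hash is " + {"md5": "MD5", "sha": "SHA-1"}[w[1]])
    if len(w) == 2 and w[0] == "encryption" and w[1] in ("des", "3des"):
        out.append(f"IKE cipher is {w[1].upper()}")
    if w[:3] == ["crypto", "ipsec", "transform-set"]:
        out += [f"transform {t} in set {w[3]}" for t in w[4:] if t in WEAK_TRANSFORMS]
    if len(w) >= 4 and w[0] == "username" and w[2] == "password":
        out.append(f"user {w[1]}: 'password' keyword, not a hashed 'secret'")
        if w[-1] == w[1]:
            out.append(f"user {w[1]}: password equals the username")
    return out

def audit(session):
    """Return (line_number, command, finding) tuples for flagged prompt lines."""
    results = []
    for n, line in enumerate(session.splitlines(), 1):
        m = PROMPT.match(line.strip())
        if not m:
            continue  # help listing or blank line, nothing was entered
        cmd = m.group(1).split(" # ")[0].strip()  # drop the page's annotations
        results += [(n, cmd, f) for f in check(cmd)]
    return results

if __name__ == "__main__":
    for n, cmd, finding in audit(SAMPLE):
        print(f"line {n}: {cmd!r}: {finding}")
```

Only lines that start with a router prompt are checked, so the `?` help listings pasted between the steps are not reported as settings.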
