Wednesday, April 6, 2016

Remote Access Easy VPN Hardware Client

Includes IKE Phase 1.5

XAUTH
Policy push
Reverse Route Injection

Modes of connection
Client: the server assigns the client an IP address from its pool.
Network Extension: no pool on the server side; the client tells the server which network is to be protected.
Network Extension Plus: network extension, and in addition a pool is defined on the server from which the client is assigned an IP address.

Steps to configure
crypto isakmp policy
crypto isakmp client configuration group
crypto isakmp profile
crypto ipsec transform-set
crypto ipsec profile
Create the Virtual-Template interface
Apply the IPsec profile to the Virtual-Template interface (tunnel protection)

R1 config (Easy VPN server)
aaa new-model
!
aaa authentication login XAUTH local
aaa authorization network XNETWORK local
!
username cisco password 0 cisco
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group MYGROUP
 key cisco
 domain mydomain.com
 pool VPNPOOL
 acl 100
crypto isakmp profile EZPROFILE
   match identity group MYGROUP
   client authentication list XAUTH
   isakmp authorization list XNETWORK
   client configuration address respond
!
crypto ipsec transform-set MYSET esp-3des esp-md5-hmac
!
crypto dynamic-map EZDMAP 10
 set transform-set MYSET
 set isakmp-profile EZPROFILE
 reverse-route
!
!
crypto map VPNMAP 100 ipsec-isakmp dynamic EZDMAP
!
interface FastEthernet0/0
 ip address 12.1.1.1 255.255.255.0
 duplex auto
 speed auto
 crypto map VPNMAP
!
ip local pool VPNPOOL 172.10.10.10 172.10.10.20
access-list 100 permit ip 1.1.1.0 0.0.0.255 any
===================================================================

Config with Tunnel Interface (Virtual-Template instead of the dynamic crypto map)

crypto isakmp profile ISAPROFILE
   match identity group MYGROUP
   client authentication list XAUTH
   isakmp authorization list XNETWORK
   client configuration address respond
   virtual-template 1
!
! The IPsec profile referenced by the Virtual-Template was not shown in the original
! notes; it is assumed here to reuse MYSET and ISAPROFILE defined above.
crypto ipsec profile IPSEC-PROFILE
 set transform-set MYSET
 set isakmp-profile ISAPROFILE
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC-PROFILE

===================================================================
R2 config (Easy VPN hardware client)
crypto ipsec client ezvpn EZVPN
 connect manual
 group MYGROUP key cisco
 mode client
 peer 12.1.1.1
 xauth userid mode interactive
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
 crypto ipsec client ezvpn EZVPN inside
!
interface FastEthernet0/0
 ip address 12.1.1.2 255.255.255.0
 duplex auto
 speed auto
 crypto ipsec client ezvpn EZVPN outside