aaa new-model aaa authentication login VPN-VPN local aaa authentication login sslvpn local aaa authorization network GROUP-VPN local username adminitrator secret 0 C!sC0123 ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 lifetime 28800 ! crypto isakmp policy 2 encr 3des hash md5 authentication pre-share group 2 ! crypto isakmp client configuration group CCLIENT-VPN key !9j5D1cretkY dns 10.1.10.21 10.1.10.22 domain dummy.local pool RemoteVPN-Pool acl RemoteVPN-ACL save-password max-users 3 netmask 255.255.255.0 crypto isakmp profile vpn-ike-profile-1 match identity group CCLIENT-VPN client authentication list VPN-VPN isakmp authorization list GROUP-VPN client configuration address respond virtual-template 2 ! crypto ipsec transform-set encrypt-method-2 esp-aes 256 esp-sha-hmac comp-lzs ! crypto ipsec profile VPN-Profile-1 set transform-set encrypt-method-2 ! interface Loopback0 ip address 10.1.120.254 255.255.255.0 ! interface GigabitEthernet0/0.100 description - connection to ISP - ip add 1.1.1.1 255.255.255.0 ip nat outside interface Virtual-Template2 type tunnel ip unnumbered Loopback0 tunnel mode ipsec ipv4 tunnel protection ipsec profile VPN-Profile-1 ! ip local pool RemoteVPN-Pool 10.1.120.1 10.1.120.3 ! ip nat inside source list NAT-ACL interface GigabitEthernet0/0.100 overload ! ip access-list extended NAT-ACL remark *** Deny VPN Users *** deny ip 10.1.70.0 0.0.0.255 10.1.120.0 0.0.0.255 deny ip 10.1.10.0 0.0.0.255 10.1.120.0 0.0.0.255 deny ip host 10.1.50.1 10.1.120.0 0.0.0.255 deny ip host 10.1.50.2 10.1.120.0 0.0.0.255 permit ip 10.1.0.0 0.0.255.255 any ! ip access-list extended RemoteVPN-ACL permit ip host 10.1.50.1 10.1.120.0 0.0.0.255 permit ip host 10.1.50.2 10.1.120.0 0.0.0.255 permit ip 10.1.70.0 0.0.0.255 10.1.120.0 0.0.0.255 permit ip 10.1.10.0 0.0.0.255 10.1.120.0 0.0.0.255 !
How to configure a Cisco Router to connect to Cisco VPN Client in a NAT Environment
Published
CyberSecFaith 