Here is a basic one that is dynamic, you may want to use static. I hope it
helps. Make sure you are using the correct version of the client. PAT can
also be a problem if the client is behind it. (Traveling to remote corporate
networks that are behind firewalls, etc...)
ip subnet-zero
no ip domain-lookup
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Serial_0 rcmd
ip inspect name Serial_0 tcp
ip inspect name Serial_0 udp
ip inspect name Serial_0 cuseeme
ip inspect name Serial_0 ftp
ip inspect name Serial_0 h323
ip inspect name Serial_0 realaudio
ip inspect name Serial_0 smtp
ip inspect name Serial_0 sqlnet
ip inspect name Serial_0 streamworks
ip inspect name Serial_0 tftp
ip inspect name Serial_0 vdolive
ip audit notify log
ip audit po max-events 100
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key Ciscokey12345 address 0.0.0.0
crypto isakmp client configuration address-pool local remote
!
!
crypto ipsec transform-set remote_des esp-des esp-md5-hmac
!
crypto dynamic-map remote_user 10
set transform-set remote_des
!
crypto map remote_user client configuration address initiate
crypto map remote_user client configuration address respond
crypto map remote_user 10 ipsec-isakmp dynamic remote_user
cns event-service server
!
!
!
interface Serial0
description connected to Internet
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip access-group 102 in
no ip directed-broadcast
ip nat outside
ip inspect Serial_0 out
crypto map remote_user
!
interface FastEthernet0
description connected to EthernetLAN
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
no ip directed-broadcast
ip nat inside
half-duplex
!
ip local pool remote 192.168.66.1 192.168.66.254
ip nat inside source route-map nonat interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 207.87.222.249
no ip http server
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.66.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 102 permit esp any host 207.87.222.250
access-list 102 permit ahp any host 207.87.222.250
access-list 102 permit udp any eq isakmp host 207.87.222.250
access-list 102 deny ip 192.168.1.0 0.0.0.255 any
access-list 102 permit tcp 207.87.221.0 0.0.0.255 host 207.87.222.250 eq
telnet
access-list 150 deny ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
route-map nonat permit 10
match ip address 150
<[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> Hello, I have a Cisco 1750 router here at the office and want to be able
to
> setup VPN services from the Internet comining into my Cisco 1750 router,
does
> anyone have a sample config of one. I am having my user going to start
using
> VPN over then just dialing into the RAS box to cut down long distance
calling
> into the office. I haved looked on the WEB for sample config's but there
not
> that I could find? I even looked ont the Cisco site nothing.
>
>
> Thankssssssssssssssss
>
>
> Brian
> Email Address [EMAIL PROTECTED]
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
