Here ---- remote windows clients over the
internet gain access to the private w2k LAN. My "sample" uses a
1720, pre-shared key, IPsec/3des, installed the IOS
firewall and IDS.
Building configuration...
Current configuration : 2825 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sample_1720
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 xxxxxxxxxx.
enable password 7 xxxxxxxxxxxx
!
memory-size iomem 25
clock timezone ET -5
clock summer-time edt recurring
ip subnet-zero
no ip source-route
no ip finger
ip tcp synwait-time 5
no ip domain-lookup
!
no ip bootp server
ip inspect name fw tcp
ip inspect name fw udp
ip inspect name fw ftp
ip inspect name fw tftp
ip audit notify log
ip audit po max-events 100
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key r0cknr011 address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local VPN-POOL
!
!
crypto ipsec transform-set trans1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set trans1
!
!
crypto map intmap client configuration address initiate
crypto map intmap client configuration address respond
crypto map intmap 10 ipsec-isakmp dynamic dynmap
!
cns event-service server
!
!
!
interface FastEthernet0
description Internal LAN w/NAT
ip address 192.168.1.1 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
speed auto
full-duplex
no cdp enable
!
interface Serial0
ip address 199.x.x.x 255.255.255.252
ip access-group 105 in
no ip redirects
no ip unreachables
ip nat outside
ip inspect fw out
encapsulation ppp
no ip route-cache
no ip mroute-cache
no fair-queue
service-module t1 timeslots 1-24
no cdp enable
crypto map intmap
!
ip local pool VPN-POOL 172.16.1.1 172.16.1.255
ip nat inside source route-map nonat interface Serial0 overload
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 64.30.27.197
no ip http server
!
access-list 105 deny ip 192.168.1.0 0.0.0.255 any
access-list 105 permit tcp any host 199.x.x.x eq telnet
access-list 105 permit esp any any
access-list 105 permit udp any any eq isakmp
access-list 105 permit tcp any 192.168.1.0 0.0.0.255 eq smtp
access-list 105 permit tcp any 192.168.1.0 0.0.0.255 eq pop3
access-list 105 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 deny ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
no cdp advertise-v2
no cdp run
route-map nonat permit 10
match ip address 110
!
banner exec ^C
You are accessing a private system. You are not
authorized to use this system.
Please go away !^C
banner incoming ^C
This is a private system. Unauthorized use or
tampering is prohibited. ^C
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 1
password 7 153258582C237C1B632431024131222752
login
line vty 2 4
login
!
no scheduler allocate
end
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Jones
Sent: Tuesday, August 14, 2001 7:59 PM
To: [EMAIL PROTECTED]
Subject: windows 2k VPN on 1700 Router [7:16104]
Can anybody give me a "heads up" on how to config a 1720 router 12.2T to
accept a VPN tunnel across the internet from a win 2k box?
Thanks,
xw
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16176&t=16104
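
A review aid for configurations like the sample posted above, added here as an example and not part of the original message or of any Cisco tooling: a short Python script that flags settings a reviewer would question today (a pre-shared key bound to any peer address, MD5 and 3DES, type 7 passwords, Telnet permitted from any source, a disabled exec timeout). The rule names, the `audit` function and the embedded sample lines are constructed for illustration.

```python
import re

# Constructed sample in the style of the configuration above; keys are placeholders.
SAMPLE_CONFIG = """\
enable secret 5 PLACEHOLDER
enable password 7 PLACEHOLDER
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key PLACEHOLDERKEY address 0.0.0.0 0.0.0.0
crypto ipsec transform-set trans1 esp-3des esp-md5-hmac
access-list 105 permit tcp any host 192.0.2.1 eq telnet
access-list 105 permit esp any any
line con 0
exec-timeout 0 0
line vty 0 1
password 7 PLACEHOLDER
"""

# (rule id, pattern, why a reviewer cares) -- hypothetical rule set for this example
RULES = [
    ("wildcard-psk", r"^crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?$",
     "one pre-shared key is accepted from any peer address"),
    ("md5-integrity", r"^hash md5$|\besp-md5-hmac\b",
     "MD5 is used for IKE or ESP integrity"),
    ("3des-cipher", r"^encr 3des$|\besp-3des\b",
     "3DES is a legacy cipher"),
    ("type7-password", r"^(enable )?password 7 \S+",
     "type 7 strings are reversible obfuscation, not a hash"),
    ("telnet-from-any", r"^access-list \d+ permit tcp any .*\beq (telnet|23)$",
     "cleartext management is reachable from any source"),
    ("no-exec-timeout", r"^exec-timeout 0 0$",
     "the session on this line never times out"),
]

def audit(config_text):
    """Return (line_number, rule_id, reason) for every matching config line."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()  # tolerate IOS-style indentation of sub-commands
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line):
                findings.append((number, rule_id, reason))
    return findings

if __name__ == "__main__":
    for number, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {number}: {rule_id}: {reason}")
```

The script expects one command per line, so rejoin any commands that an e-mail client has wrapped before running it over a pasted configuration.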