SOURCECODEBD.NET

Live Experience

10. CONFIGURE CISCO EASY VPN SERVER AND CLIENT (ROUTER)

HOW TO CONFIGURE CISCO EASY VPN SERVER AND CLIENT (ROUTER) 
 
Interface IP Address Configuration 
 
R2 
 
Interface  IP Address   Subnet Mask 
S 2/0     1.1.1.2   255.0.0.0 
E 3/0     20.1.1.1   255.0.0.0 
 
R1 
 
Interface  IP Address   Subnet Mask 
S 0/2      1.1.1.1   255.0.0.0 
Fa 0/0     10.1.1.1   255.0.0.0 
PC 1       10.1.1.20   255.0.0.0
 
Task  
 
Configure the client in network-extension mode. 
Create reverse-route on the server and a static route in client to reach server. 
Do not telnet until the VPN tunnel is established. 
 
R2 
 
aaa new-model 
aaa authentication login xyz none
aaa authorization network lauthor local 
 
Crypto isakmp policy 10 
Encryption 3des 
Hash md5 
Authentication pre-share 
Group 2 
 
IP local pool p1 30.1.1.1 30.1.1.100 
 
Crypto isakmp client cocnfiguration group group1 
Key cisco123 
Pool p1 
 
crypto ipsec transform-set set1 esp-3des esp-md5-hmac 
 
Crypto dynamic-map dmap1 10 
Set transform-set set1 
Reverse-route 
 
Crypto map map1 10 ipsec-isakmp dynamic map1 
Crypto map map1 client configuration address respond 
Crypto map map1 isakmp authorization list lauthor 
 
Line vty 0 4 
Login authentication xyz 
 
Int s2/0 
Crypto map map1 
 
 
R1 
 
Crypto ipsec client ezvpn vpn1 
Group group1 key cisco123 
Peer 1.1.1.2 
Connect auto 
Mode network-extension 
 
Int fa0/0 
Crypto ipsec client ezvpn vpn1 inside
 
Int s0/2 
Crypto ipsec client ezvpn vpn1 outside 
 
Ip route 20.0.0.0 255.0.0.0 1.1.1.2 
 
 
Verification : 
 
R2#show crypto isakmp sa
 
The output displays a connection-id and quick mode state denoting SA is created 
 
R2#show crypto ipsec sa
 
The output displays packets being encrypted and decrypted. 
 
R1#show crypto ipsec client ezvpn
 
The  output  displays  current  state  for  IPSec  as  active  that  indicates  the  tunnel  is 
established. 
 
If mode client configured on the client side, the client does nat translations. 
 
R1#show ip nat translations
 
The output displays the client doing nat translations. This happens only if the client is 
configured in ‘client mode’. 
 
R2#show ip route
 
The static route for 30.0.0.0 network is automatically created because of the reverse-route 
configured in the server. 
 
R2#show ip local pool
 
The output shows the ip address in the pool.
You are here: Home / VPN / HOW TO CONFIGURE CISCO EASY VPN SERVER AND CLIENT (ROUTER)