Cisco VPN

dratnol Member Posts: 65
Well, I have a new router that I need to get a VPN set up on. I am not much of a Cisco guy and I am not having much luck with this. I have a 2801 router with IOS 12.4(3h) and SDM v 2.4. There is a GUI wizard but I am not having luck with it. Ideally I would like to have this query my IAS server for auth but I would settle for just creating a user on the router for now. Does anyone have some suggestions or sites I could try? I am starting to think that using the command line interface might be an easier option.

Comments

  • Ahriakin Member Posts: 1,799
    The Complete Cisco VPN Configuration Guide is a great book. It may seem like overkill right now but it is extremely well written and goes from no IPSec knowledge to mastering it on all things Cisco. The later chapters are broken up by device so you can read the IPsec primer and then just study the Router chapters for configuration.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • hypnotoad Banned Posts: 915
    Your mileage may vary with different routers, but here's the high-level overview on mine:

    Create a AAA server group that has your server's RADIUS settings.

    The users authenticate to an IPSec tunnel group (using the outside interface IP) probably using a pre-shared key. This is saved in the VPN Client configuration.

    Then they authenticate to your IAS server (create a server "group policy" (no, not Windows Group Policy), make the names match up in IAS and in SDM, and set your group policy authentication mode in SDM to xauth with the AAA server you created).

    IAS does RADIUS, so you will only need Authentication. Anything about Authorization and Accounting in SDM can probably be ignored.

    Also, you're probably going to have trouble testing the VPN if you're on the inside and your VPN is running on the outside.

    And finally...you probably need to have the router do DHCP services over the VPN, and specify your DNS servers, etc.

    Edit: also make sure no firewall is interfering with the path from your router to your IAS server.
  • dtlokee Member Posts: 2,378
    What is the code version? Not all code versions support crypto.
    The only easy day was yesterday!
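
The steps in hypnotoad's overview, written out as an IOS Easy VPN server configuration for the command line (an added example, not posted by anyone in the thread). Every name, address, the outside interface and the bracketed secrets are assumptions to replace; the `local` keyword on the login list gives the local-user fallback the original poster mentions.

```ios
! Assumed values: IAS server 192.0.2.10, DNS 192.0.2.53, client pool
! 10.10.10.0/24, outside interface FastEthernet0/0. The crypto commands
! exist only in images that support crypto.
aaa new-model
!
! RADIUS server group pointing at IAS; the shared secret must match the
! RADIUS client entry created for this router in IAS.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <radius-shared-secret>
aaa group server radius IAS-SERVERS
 server 192.0.2.10 auth-port 1812 acct-port 1813
!
! xauth user logins go to IAS first, then to the local user database
! if the RADIUS server does not answer.
aaa authentication login VPN-XAUTH group IAS-SERVERS local
! Group settings (key, pool, DNS) are read from the router itself.
aaa authorization network VPN-GROUP local
username vpnuser secret <local-user-password>
!
! IKE phase 1: the pre-shared group key authenticates the client software.
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 2
!
! Group name and key are what gets saved in the VPN Client profile.
crypto isakmp client configuration group REMOTE-USERS
 key <group-pre-shared-key>
 dns 192.0.2.53
 pool VPN-POOL
!
! Addresses handed to connected clients.
ip local pool VPN-POOL 10.10.10.1 10.10.10.50
!
crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha-hmac
crypto dynamic-map VPN-DYN 10
 set transform-set VPN-TS
 reverse-route
!
! Tie xauth, group lookup and address assignment to the crypto map.
crypto map VPN-MAP client authentication list VPN-XAUTH
crypto map VPN-MAP isakmp authorization list VPN-GROUP
crypto map VPN-MAP client configuration address respond
crypto map VPN-MAP 65535 ipsec-isakmp dynamic VPN-DYN
!
interface FastEthernet0/0
 crypto map VPN-MAP
```

Because the group key is shared by every client, the per-user xauth login against IAS is the control that actually identifies a user, so keep the local fallback account to a single strong credential.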