
Cisco Crypto MAP IPSec VPN Client

To grant access through the Cisco VPN Client, follow these instructions, which I reproduce without modification because I have never tested them.

aaa new-model
!

!--- In order to enable Xauth for user authentication, 
!--- enable the aaa authentication commands.

aaa authentication login userauthen local
aaa authorization network groupauthor local

!
aaa session-id common
!
resource policy
!
!

!--- For local authentication of the IPsec user, 
!--- create the user with a password.


username user password 0 cisco
!
!
!

!--- Create an Internet Security Association and
!--- Key Management Protocol (ISAKMP) policy for Phase 1 negotiations.


  
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2


!--- Create a group that is used to specify the
!--- WINS and DNS server addresses to the VPN Client, 
!--- along with the pre-shared key for authentication.


crypto isakmp client configuration group vpnclient
 key 1z2x3c4v5b6n7m8
 dns 195.72.193.1 195.72.193.2
 pool ippool
!
!
!
!--- Create the Phase 2 Policy for actual data encryption.
crypto ipsec transform-set VPNClients-transformset esp-3des esp-md5-hmac
!
!
!
!
!
!--- Create a dynamic map and apply 
!--- the transform set that was created earlier.
!
crypto dynamic-map dynmap 10
 set transform-set VPNClients-transformset
 reverse-route
!
!--- Create the actual crypto map,
!--- and apply the AAA lists that were created earlier.
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
!
!--- Create the loopback interface for the VPN user traffic
interface Loopback0
 description Loopback per VPN Client Traffic
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
!
!
!
!--- Apply the crypto map on the interface.
interface Ethernet0
 ip policy route-map VPN-Client
 crypto map clientmap
!
!
!
!
!--- Create a pool of addresses to be 
!--- assigned to the VPN Clients.
!
ip local pool ippool 192.9.201.1 192.9.201.254
!
!
!
!--- Interesting traffic used for policy route.
!
ip access-list extended IP4_VPN_TRAFFIC
 permit ip 192.9.201.0 0.0.0.255 any
!
!
!--- Configures the route map to match the interesting traffic (access list IP4_VPN_TRAFFIC)
!--- and routes the traffic to next hop address 10.11.0.2.
!
!
route-map VPN-Client permit 10
 match ip address IP4_VPN_TRAFFIC
 set ip next-hop 10.11.0.2
!
!
end
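
A pre-deployment check for a configuration of this shape, as an added example that is not part of the original page or of Cisco's documentation: it verifies that every pool, transform set, dynamic map and AAA list referenced by the crypto configuration is actually defined, and flags the legacy settings a review would question. The sample is constructed from the commands above with a dangling pool name introduced on purpose; `audit`, `XREFS` and `WEAK` are names chosen here, and the contents of `WEAK` are this example's assumption about what to flag.

```python
import re

# Constructed sample modelled on the commands above; the pool name in the
# client group is deliberately left undefined to show what the check reports.
SAMPLE = """\
aaa authentication login userauthen local
username user password 0 cisco
crypto isakmp policy 3
 encr 3des
 group 2
crypto isakmp client configuration group vpnclient
 pool VPNPOOL
crypto ipsec transform-set VPNClients-transformset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set transform-set VPNClients-transformset
crypto map clientmap client authentication list userauthen
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
ip local pool ippool 192.9.201.1 192.9.201.254
"""
# (kind, regex that defines a name, regex that references a name)
XREFS = [
    ("address pool", r"^ip local pool (\S+)", r"^ pool (\S+)"),
    ("transform-set", r"^crypto ipsec transform-set (\S+)", r"^ set transform-set (\S+)"),
    ("dynamic-map", r"^crypto dynamic-map (\S+)", r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    ("AAA login list", r"^aaa authentication login (\S+)", r"^crypto map \S+ client authentication list (\S+)"),
]
# Assumption of this example: settings a reviewer would flag as legacy.
WEAK = [
    (r"^ encr (des|3des)\b", "legacy Phase 1 cipher"),
    (r"^ group (1|2|5)\b", "DH group below 2048 bits"),
    (r"\besp-(des|3des)\b", "legacy ESP cipher"),
    (r"\besp-md5-hmac\b", "MD5-based ESP integrity"),
    (r"^username \S+ password 0 ", "unencrypted (type 0) local password"),
]

def audit(config):
    findings = []
    for kind, define, refer in XREFS:
        defined = set(re.findall(define, config, re.M))
        for name in re.findall(refer, config, re.M):
            if name not in defined:  # referenced but never declared
                findings.append(f"undefined {kind}: {name}")
    for pattern, label in WEAK:
        for m in re.finditer(pattern, config, re.M):
            # report only the matched command text, never the secret after it
            findings.append(f"{label}: {m.group(0).strip()}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
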
cisco/cryptoipsecclient.txt · Last modified: 28/03/2024 22:24 by 127.0.0.1
