This is an old revision of the document!
Cisco Crypto MAP IPSec VPN Client
When you want to grant access through Cisco VPN, follow these instructions, which I reproduce without modification because they have never been tested.
```
aaa new-model
!
!--- In order to enable Xauth for user authentication,
!--- enable the aaa authentication commands.
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
!--- For local authentication of the IPsec user,
!--- create the user with a password.
username user password 0 cisco
!
!--- Create an Internet Security Association and
!--- Key Management Protocol (ISAKMP) policy for Phase 1 negotiations.
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
!--- Create a group that is used to specify the
!--- WINS and DNS server addresses to the VPN Client,
!--- along with the pre-shared key for authentication.
!--- The pool name must match the ip local pool defined below.
crypto isakmp client configuration group vpnclient
 key 1z2x3c4v5b6n7m8
 dns 195.72.193.1 195.72.193.2
 pool ippool
!
!--- Create the Phase 2 Policy for actual data encryption.
crypto ipsec transform-set VPNClients-transformset esp-3des esp-md5-hmac
!
!--- Create a dynamic map and apply
!--- the transform set that was created earlier.
crypto dynamic-map dynmap 10
 set transform-set VPNClients-transformset
 reverse-route
!
!--- Create the actual crypto map,
!--- and apply the AAA lists that were created earlier.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!--- Create the loopback interface for the VPN user traffic
interface Loopback0
 description Loopback per VPN Client Traffic
 ip address 10.11.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
!--- Apply the crypto map on the interface.
interface Ethernet0
 ip policy route-map VPN-Client
 crypto map clientmap
!
!--- Create a pool of addresses to be
!--- assigned to the VPN Clients.
ip local pool ippool 192.9.201.1 192.9.201.254
!
!--- Interesting traffic used for policy route.
ip access-list extended IP4_VPN_TRAFFIC
 permit ip 192.9.201.0 0.0.0.255 any
!
!--- Configures the route map to match the interesting traffic
!--- (access list IP4_VPN_TRAFFIC) and routes the traffic to
!--- next hop address 10.11.0.2.
route-map VPN-Client permit 10
 match ip address IP4_VPN_TRAFFIC
 set ip next-hop 10.11.0.2
!
end
```
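The following Python script is an added example, not part of the original page or of Cisco's documentation. It checks a configuration like the one above for settings now considered weak (cleartext type 0 user password, 3DES, MD5, Diffie-Hellman groups 1, 2 and 5) and for a client group that references an address pool with no `ip local pool` definition. The `audit` function, the finding names and the embedded sample are assumptions made for this example.

```python
import re

# Constructed sample modeled on the configuration above (not a live device config).
SAMPLE_CONFIG = """\
username user password 0 cisco
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group vpnclient
 key 1z2x3c4v5b6n7m8
 pool ippool
crypto ipsec transform-set VPNClients-transformset esp-3des esp-md5-hmac
ip local pool ippool 192.9.201.1 192.9.201.254
"""

# (section the line must sit in, pattern on the line itself, finding id)
RULES = [
    (r"", r"^username \S+ password 0 ", "cleartext-user-password"),
    (r"^crypto isakmp policy ", r"^ encr(yption)? 3?des\b", "ike-weak-cipher"),
    (r"^crypto isakmp policy ", r"^ hash md5\b", "ike-md5-hash"),
    (r"^crypto isakmp policy ", r"^ group [125]$", "ike-small-dh-group"),
    (r"", r"^crypto ipsec transform-set .*\besp-3?des\b", "esp-weak-cipher"),
    (r"", r"^crypto ipsec transform-set .*\besp-md5-hmac\b", "esp-md5-hmac"),
]

def audit(config):
    """Return sorted (line_number, finding_id) pairs for an IOS config string."""
    findings, section = [], ""
    defined, used = set(), []
    for num, line in enumerate(config.splitlines(), 1):
        if not line.startswith(" "):
            section = line            # top-level command opens a new section
        for sec_re, line_re, finding in RULES:
            if re.search(sec_re, section) and re.search(line_re, line):
                findings.append((num, finding))
        m = re.match(r"ip local pool (\S+)", line)
        if m:
            defined.add(m.group(1))
        m = re.match(r" pool (\S+)", line)
        if m and section.startswith("crypto isakmp client configuration group"):
            used.append((num, m.group(1)))
    # A client group naming a pool that is never defined cannot assign addresses.
    findings += [(n, "undefined-pool:" + p) for n, p in used if p not in defined]
    return sorted(findings)

if __name__ == "__main__":
    for num, finding in audit(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```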
cisco/cryptoipsecclient.1394198613.txt.gz · Last modified: 28/03/2024 22:24 (external edit)