Cisco Systems Cisco Router as a VPN server and a Microsoft Client
Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Cisco Router as a VPN server and a Microsoft Client Nyerere 04-25-07
Posted by Nyerere on April 25, 2007, 2:59 pm
Please log in for more thread options
I need to connect a Windows XP VPN client to a Cisco 1721 router
configured as a VPN server but I'm experincing a lot of problems. My
router config is as follows:

!
aaa new-
model
!
aaa authentication login LOCAL_DB
local
aaa authorization network LOCAL_DB local
!
aaa session-id common
!
username test privilege 15 secret 5 XXXXXXXXXXX
!
crypto isakmp policy
1
encr
aes
authentication pre-
share
group
2
no crypto isakmp
ccm
!
crypto isakmp client configuration group
REMOTE_VPN
key
letmein
dns
172.16.1.2
domain
test.co.za
pool
TEST_VPN_POOL
max-users
10
netmask
255.255.255.0
!
!
crypto ipsec transform-set TEST_SET esp-aes esp-sha-hmac
!
crypto dynamic-map REMOTE_CLIENT_MAP
1
set transform-set
TEST_SET
reverse-
route
!
crypto map COMMED_VPN client authentication list
LOCAL_DB
crypto map COMMED_VPN isakmp authorization list
LOCAL_DB
crypto map COMMED_VPN client configuration address
respond
crypto map COMMED_VPN 100 ipsec-isakmp dynamic
REMOTE_CLIENT_MAP
!
interface Serial0/0/0
bandwidth
512
ip address XXX.XXX.XXX.XXX
255.255.255.252
ip nbar protocol-
discovery
ip flow
ingress
ip flow
egress
ip nat
outside
ip ips sdm_ips_rule
in
ip virtual-
reassembly
ip route-cache
flow
crypto map
COMMED_VPN
!
ip local pool TEST_VPN_POOL 172.16.22.10 172.16.22.20
!


I still cannot connect via my Windows XP client. Please help

Regards
Ayanda


Posted by Mike Rahl on April 26, 2007, 11:10 am
Please log in for more thread options
> I need to connect a Windows XP VPN client to a Cisco 1721 router
> configured as a VPN server but I'm experincing a lot of problems. My
> router config is as follows:
>
> !
> aaa new-
> model
> !
> aaa authentication login LOCAL_DB
> local
> aaa authorization network LOCAL_DB local
> !
> aaa session-id common
> !
> username test privilege 15 secret 5 XXXXXXXXXXX
> !
> crypto isakmp policy
> 1
> encr
> aes
> authentication pre-
> share
> group
> 2
> no crypto isakmp
> ccm
> !
> crypto isakmp client configuration group
> REMOTE_VPN
> key
> letmein
> dns
> 172.16.1.2
> domain
> test.co.za
> pool
> TEST_VPN_POOL
> max-users
> 10
> netmask
> 255.255.255.0
> !
> !
> crypto ipsec transform-set TEST_SET esp-aes esp-sha-hmac
> !
> crypto dynamic-map REMOTE_CLIENT_MAP
> 1
> set transform-set
> TEST_SET
> reverse-
> route
> !
> crypto map COMMED_VPN client authentication list
> LOCAL_DB
> crypto map COMMED_VPN isakmp authorization list
> LOCAL_DB
> crypto map COMMED_VPN client configuration address
> respond
> crypto map COMMED_VPN 100 ipsec-isakmp dynamic
> REMOTE_CLIENT_MAP
> !
> interface Serial0/0/0
> bandwidth
> 512
> ip address XXX.XXX.XXX.XXX
> 255.255.255.252
> ip nbar protocol-
> discovery
> ip flow
> ingress
> ip flow
> egress
> ip nat
> outside
> ip ips sdm_ips_rule
> in
> ip virtual-
> reassembly
> ip route-cache
> flow
> crypto map
> COMMED_VPN
> !
> ip local pool TEST_VPN_POOL 172.16.22.10 172.16.22.20
> !
>
> I still cannot connect via my Windows XP client. Please help
>
> Regards
> Ayanda



I believe the Microsoft VPN client uses PPTP, not IPSEC. This article
might be of help to you

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml


Posted by Al on April 26, 2007, 2:06 pm
Please log in for more thread options
> I need to connect a Windows XP VPN client to a Cisco 1721 router
> configured as a VPN server but I'm experincing a lot of problems. My
> router config is as follows:
>
> !
> aaa new-
> model
> !
> aaa authentication login LOCAL_DB
> local
> aaa authorization network LOCAL_DB local
> !
> aaa session-id common
> !
> username test privilege 15 secret 5 XXXXXXXXXXX
> !
> crypto isakmp policy
> 1
> encr
> aes
> authentication pre-
> share
> group
> 2
> no crypto isakmp
> ccm
> !
> crypto isakmp client configuration group
> REMOTE_VPN
> key
> letmein
> dns
> 172.16.1.2
> domain
> test.co.za
> pool
> TEST_VPN_POOL
> max-users
> 10
> netmask
> 255.255.255.0
> !
> !
> crypto ipsec transform-set TEST_SET esp-aes esp-sha-hmac
> !
> crypto dynamic-map REMOTE_CLIENT_MAP
> 1
> set transform-set
> TEST_SET
> reverse-
> route
> !
> crypto map COMMED_VPN client authentication list
> LOCAL_DB
> crypto map COMMED_VPN isakmp authorization list
> LOCAL_DB
> crypto map COMMED_VPN client configuration address
> respond
> crypto map COMMED_VPN 100 ipsec-isakmp dynamic
> REMOTE_CLIENT_MAP
> !
> interface Serial0/0/0
> bandwidth
> 512
> ip address XXX.XXX.XXX.XXX
> 255.255.255.252
> ip nbar protocol-
> discovery
> ip flow
> ingress
> ip flow
> egress
> ip nat
> outside
> ip ips sdm_ips_rule
> in
> ip virtual-
> reassembly
> ip route-cache
> flow
> crypto map
> COMMED_VPN
> !
> ip local pool TEST_VPN_POOL 172.16.22.10 172.16.22.20
> !
>
> I still cannot connect via my Windows XP client. Please help
>
> Regards
> Ayanda

Have a look at:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml


Similar ThreadsPosted
Cisco Router as a VPN server and a Microsoft Client April 25, 2007, 2:59 pm
Cisco DHCP server and Microsoft DNS server September 11, 2007, 4:02 am
IPSEC Microsoft IAS Authentication - Cisco VPN Client August 16, 2006, 10:47 am
Microsoft IAS, PIX 515 and MS VPN Client January 2, 2006, 8:50 pm
Use Microsoft VPN Client OUTBOUND through PIX 501 May 12, 2006, 6:05 pm
Aironet 1200 with Microsoft radius server July 8, 2005, 3:31 pm
VPN 3000 Concentrator and Microsoft VPN Client March 5, 2006, 4:30 am
WE ARE BUYING SOFTWARE - WINDOWS VISTA, XP PRO, WIN2K PRO, HOME, 98SE, 98, 95, NT 4.0, OFFICE, SERVER INCLUDES MICROSOFT, DELL, COMPAQ, IBM, HP OR ANY OTHER OEM PACKAGES as well as Retail Box or just media kits. June 9, 2007, 6:08 pm
Cisco VPN client software and Windows 2000 Server May 18, 2006, 1:59 am
Cisco VPN Client and Widows 2000 server hassles May 20, 2006, 2:39 am
Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router December 11, 2005, 10:37 am
Linux AnyConnect client ID to ASA server as win client? October 14, 2008, 10:18 pm
NTP Server on a Cisco Router March 19, 2008, 6:06 am
Turn a Cisco Router into a DNS server March 23, 2006, 5:58 pm
Can a Cisco router act as a syslog *server*? December 13, 2008, 8:00 am
Residential Cabling Guide

Home Cabling Guide

Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language!

Learn More