Setting up VPN on a Cisco 1712

I have been asked to set up a full VPN solution for company X. A Cisco 1712 has been purchased and I'm playing around with the setup now. When it was bought we were kinda hoping that the SDM quick configuration system would allow VPN setup, but as far as I can see it can only be done through IOS.

I would like the router to use IPsec towards the domain. Like using the domain username and passwords to authenticate the users. I would also like NetBIOS names to relay over to the clients connecting so that users can browse network neighbourhood and use UNC paths such as \\servername\share.

Are there any tools/software I can download to get a GUI of the setup? Is there any good documentation on setting this up anywhere? I have searched all over Google without any satisfying hits.

Appreciate any suggestions made!

Thanks!

Reidar Westvik Senior Systems Engineer

Escape Business Technologies

5 Carden Place Aberdeen AB10 1UT T: 01224 630600
Reply to
Ray

IOS will not transmit NETBIOS broadcast traffic across a VPN tunnel. You will need to set up WINS to provide NETBIOS name resolution.

Reply to
Merv

I couldn't find an example for this common scenario, so here is what I made up:

crypto isakmp policy 100
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key keystring address 1.2.3.4
!
crypto ipsec transform-set MYTRANSFORMSET esp-3des esp-md5-hmac
!
crypto map MYMAP 10 ipsec-isakmp
 set peer 1.2.3.4
 set transform-set MYTRANSFORMSET
 set pfs group2
 match address 101
!
interface ATM0
 no ip address
 dsl operating-mode auto
 no shut
!
interface ATM0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shut
!
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname snipped-for-privacy@dslprovider.com
 ppp chap password 0 dslpassword
 ppp pap sent-username snipped-for-privacy@dslprovider.com password 0 dslpassword
 crypto map MYMAP
 no shut
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip nat inside source list 100 interface Dialer0 overload
!
access-list 100 deny ip any 192.168.20.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
!
access-list 101 permit ip any 192.168.20.0 0.0.0.255
!
end

This allows Internet access (via PAT) as well as inter-office IPSec VPN over the internet (via ADSL).

This, however, would not allow multicasts to go through. For this you'd need to make a GRE tunnel, and IPSec that one. An example is:

formatting link
(single line)

Cheers, A'

Reply to
cant

Thanks for your reply,

As I'm a newb I don't really know what to do with the info above. Is it a config script?

I'm really looking for a GUI to slap on top of the config, so I don't have to use IOS.

Cheers Ray

Reply to
Ray

It is, and it's a template, really (you'd have to change the addressing, as a minimum). Also, you should tailor your access lists and filter incoming traffic on your external interface, as well as harden the router config in general (stop unneeded services, use strong authentication and dedicated stations for admin access, etc.).

Cisco is not the best vendor for this. I haven't managed to use their GUI tool that comes for the 877 router, but from what I've seen it only allows rudimentary configuration (i.e. no IPSec).

Cheers, A'

Reply to
cant
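
One way to apply the filtering and hardening advice from the post above to the template earlier in the thread, as an added example that is not part of the original posts. The names FW and OUTSIDE-IN and the admin station 192.168.10.50 are made up; it assumes an IOS image with the firewall feature set (CBAC) and SSH support, with a local username and an RSA key pair already configured.

```cisco
! Added example, not from the thread. FW, OUTSIDE-IN and 192.168.10.50
! are made-up values; 1.2.3.4 and the subnets come from the template.
!
! Stop services the template does not need
no ip http server
no ip source-route
no service tcp-small-servers
no service udp-small-servers
!
! Track outbound sessions so replies to PAT'd traffic are let back in
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp
!
ip access-list extended OUTSIDE-IN
 remark IKE and ESP only from the configured peer
 permit udp host 1.2.3.4 any eq isakmp
 permit esp host 1.2.3.4 any
 remark Decrypted remote-office traffic (some IOS releases re-check it here)
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 remark Everything else is dropped and logged
 deny ip any any log
!
interface Dialer0
 ip access-group OUTSIDE-IN in
 ip inspect FW out
!
! Admin access only over SSH and only from the dedicated station
access-list 10 permit host 192.168.10.50
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
```

The inbound list is evaluated before NAT, so the destination is left as `any` because Dialer0 gets a negotiated address.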

Ray wrote:

Buy a Netgear and use the wizard.

(Don't forget the daily reboot)

Reply to
Uli Link
