Easy VPN Configuration Example
Configure
7
OL-6340-01
no ftp-server write-enable
voice-card 0
no dspfarm
!
!--- IKE configuration
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp keepalive 90 12
!
crypto isakmp client configuration group VPN1
acl SPLIT_T
ip access-list extended SPLIT_T
permit ip 192.168.0.0 0.0.255.255 any
key cisco123
dns 192.168.168.183 192.168.226.120
wins 192.168.179.89 192.168.2.87
domain cisco.com
pool VPN-POOL
save-password
!
!--- IPSec configuration
!
crypto ipsec transform-set TRANSFORM-1 esp-3des esp-md5-hmac
!
crypto dynamic-map INT_MAP 1
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 14400
set transform-set TRANSFORM-1
!
!
crypto map INT_MAP client authentication list USER_AAA
crypto map INT_MAP isakmp authorization list GROUP_AAA
crypto map INT_MAP client configuration address respond
crypto map INT_MAP 30000 ipsec-isakmp dynamic INT_MAP
!
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface ATM0/0/0
description === public interface ===
ip address 10.32.152.26 255.255.255.252
ip pim sparse-dense-mode
ip ospf network point-to-point
no atm ilmi-keepalive
pvc 10/100