Wednesday, May 27, 2009

Setting up your own VPN Client and Server

Here are the configs and the way to set up your own VPN server and client.

Download a VPN client from the Cisco web site and build a setup similar to the one below.

Laptop/PC--------Cisco Router
X Y


Suppose the PC has IP address X and the router's IP address is Y.

!--- Put AAA here. I'm using local authentication; other methods can be used as well.
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
username dujoshi password 0 lab

!--- dujoshi / lab will be the username and password for the remote user.

!--- Create an Internet Security Association and
!--- Key Management Protocol (ISAKMP) policy for Phase 1 negotiations.
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2

!--- The DNS IP address should be the same as the connected interface of the router (Y in our case).
crypto isakmp client configuration group 3000client
key cisco123
dns x.x.x.x
domain cisco.com
pool ippool

crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
!--- Create a dynamic map and
!--- apply the transform set that was created above.
crypto dynamic-map dynmap 10
set transform-set myset
!
!--- Create the actual crypto map,
!--- and apply the aaa lists that were created earlier.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap

!--- Create a pool of addresses to be assigned to the VPN Clients.
ip local pool ippool 14.1.1.100 14.1.1.200

int
crypto map clientmap
!

Now in your VPN client, enter the following:

GW: the IP address of your router interface (Y in our case)
In the group access information, enter
NAME: 3000client
PASSWORD: cisco123
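The configuration above depends on names that must agree with each other (AAA lists, transform set, dynamic map, address pool) and with the group name and key typed into the client. The following is an added example, not part of the original post: a small Python check that cross-references those names in a saved copy of the config. The function name `audit`, the embedded config copy and the check table are assumptions made for the illustration.

```python
import re

# Constructed sample: the router configuration from this post, with ASCII hyphens.
ROUTER_CONFIG = """\
aaa authentication login userauthen local
aaa authorization network groupauthor local
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group 3000client
key cisco123
pool ippool
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
ip local pool ippool 14.1.1.100 14.1.1.200
"""

# (kind, pattern that defines a name, pattern that references a name)
CHECKS = [
    ("aaa login list", r"^aaa authentication login (\S+)", r"client authentication list (\S+)"),
    ("aaa network list", r"^aaa authorization network (\S+)", r"isakmp authorization list (\S+)"),
    ("transform set", r"^crypto ipsec transform-set (\S+)", r"^\s*set transform-set (\S+)"),
    ("dynamic map", r"^crypto dynamic-map (\S+)", r"ipsec-isakmp dynamic (\S+)"),
    ("address pool", r"^ip local pool (\S+)", r"^\s*pool (\S+)"),
]

def audit(config, client_group, client_key):
    """Return a list of inconsistencies between the config and the client settings."""
    problems = []
    if "\u2212" in config:  # typographic minus pasted from a web page breaks keywords
        problems.append("config contains U+2212 MINUS SIGN instead of '-'")
    for kind, define, refer in CHECKS:
        defined = set(re.findall(define, config, re.M))
        for name in re.findall(refer, config, re.M):
            if name not in defined:
                problems.append(f"{kind} '{name}' is referenced but not defined")
    # Assumes 'key' is the first sub-command under the group line, as in this post.
    group_re = r"^crypto isakmp client configuration group (\S+)\n\s*key (\S+)"
    groups = dict(re.findall(group_re, config, re.M))
    if client_group not in groups:  # exact, case-sensitive comparison
        problems.append(f"client group '{client_group}' is not configured on the router")
    elif groups[client_group] != client_key:
        problems.append(f"key for group '{client_group}' does not match")
    return problems
```

An empty list from `audit(ROUTER_CONFIG, "3000client", "cisco123")` means every referenced name is defined and the client's group settings match the router.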


Way of working in Deployment :-
==================================


Initially you'll be connected to the router using a static/dynamic IP given to you by your service provider, say:

(PC)-------(SP-ROUTER)----Internet-----(CiscoVPNServer)

In the above case you are free to use the Internet via the service provider (SP router).
When you want to connect to the CiscoVPNServer, you start your VPN client on your PC and try to connect to the VPN.
At the password prompt, enter your username and password.
Once the authentication is done, there will be a tunnel from the PC to CiscoVPNServer, and every packet will go via this IPsec tunnel. Your PC will now have two IPs: the one given by your service provider and a VPN IP which CiscoVPNServer has given to you.

Now everything from your PC will go to the Cisco router in encrypted format, and even Internet browsing will be done via the Cisco network.

I will talk more about IPsec and VPN in other posts.

This is the simplest way to try a VPN client and server.
