Remote Access IPsec. Cisco IOS router as an ezVPN Server
Written by Alexei Spirin   
Wednesday, 16 July 2008 17:48
IOS Config: IPSec ezVPN Server with local authentication
aaa authentication login aaaVPN local
aaa authorization network aaaVPN local
username UserTest privilege 0 secret PleaseChangeMe!
crypto isakmp policy 10
 hash sha
 encryption aes
 authentication pre-share
 group 2
crypto isakmp client configuration group grpVPN
 pool poolVPN
 acl aclSPLIT
 dns !Internal DNS-server
 domain mycompany.local
 split-dns mycompany.local
 key PleaseChangeMe!
crypto isakmp profile ikePRF1
 match identity group grpVPN
 client authentication list aaaVPN
 isakmp authorization list aaaVPN
 client configuration address respond
 virtual-template 1
crypto ipsec transform-set ts1 esp-aes 256 esp-sha-hmac
crypto ipsec profile crPRF1
 set transform-set ts1
interface Loopback0
 ip address
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile crPRF1
ip local pool poolVPN
ip access-list extended aclSPLIT
 permit ip

Some notes:

User authentication is done via the local router database.
is considered as an address range for corporate network is considered as VPN user address range

To connect successfully, a user must know the group name and group key (grpVPN and PleaseChangeMe! in this example) and a personal login and password (UserTest and PleaseChangeMe! in this example).
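A pre-deployment check for the configuration above, as an added example that is not part of the original article: it flags IKE phase 1 settings and credentials that should be changed before the template goes onto a production router. The `audit` helper, the list of settings treated as legacy and the placeholder pattern are assumptions of this example.

```python
import re

# Constructed sample: IKE-related lines from the configuration above, indented as IOS prints them.
SAMPLE_CONFIG = """\
username UserTest privilege 0 secret PleaseChangeMe!
crypto isakmp policy 10
 hash sha
 encryption aes
 authentication pre-share
 group 2
crypto isakmp client configuration group grpVPN
 key PleaseChangeMe!
"""

LEGACY = {                      # assumption: phase 1 settings this example treats as legacy
    "group 1": "768-bit DH group",
    "group 2": "1024-bit DH group",
    "group 5": "1536-bit DH group",
    "hash md5": "MD5 integrity",
    "hash sha": "SHA-1 integrity",
    "encryption des": "single DES",
    "encryption 3des": "3DES",
}
PLACEHOLDER = re.compile(r"change.?me", re.IGNORECASE)

def audit(config):
    """Hypothetical helper: return sorted findings for an IOS ezVPN server config."""
    findings, section, secrets = set(), "", {}
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # an unindented line opens a new section
            section = line
        user = re.match(r"username (\S+) .*\bsecret (?:\d+ )?(\S+)$", line)
        if user:                            # already-hashed secrets only compare as strings
            secrets["user " + user.group(1)] = user.group(2)
        elif section.startswith("crypto isakmp policy") and line in LEGACY:
            findings.add(f"{section}: {LEGACY[line]} ({line})")
        elif "client configuration group" in section and line.startswith("key "):
            secrets["group " + section.split()[-1]] = line.split()[-1]
    for name, value in secrets.items():
        if PLACEHOLDER.search(value):
            findings.add(f"{name}: placeholder secret still configured")
        same = sorted(n for n, v in secrets.items() if v == value and n != name)
        if same:
            findings.add(f"{name}: secret also used by {', '.join(same)}")
    return sorted(findings)
```

Run against the sample, `audit(SAMPLE_CONFIG)` reports the DH group and hash in policy 10, plus the placeholder value that the group key and the user password share.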

Cisco ezVPN configuration examples

Cisco IOS Security Configuration Guide, Release 12.4T

Last Updated on Monday, 28 February 2011 13:33