Username RouterB_xauthuser password userid mode local Than we will configure “ezvpn” with the parameters we choose at the RouterB configurationĬrypto ipsec client ezvpn VPNtoMAINOFFICE The configuration at the mainoffice is done. Now we will configure an EasyVPN group for our branch officeĬrypto isakmp client configuration group OfficeB If you have configured an access-list, don’t forget to allow the IPsec ports: We are using dialer-interfaces on both sites but you can also configure the crypto map on any other outside interfaceĪt this point you will see that the crypto service is coming up and the router is now reachable for VPN from the internet. In this example we are also using X-Auth user authentication within the VPN tunnel. Now we have to bind the crypto map to our outside interface. Username RouterB_xauthuser password will be our IPsec configurationĬrypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmacĬrypto map CompanyVPN client authentication list userauthĬrypto map CompanyVPN isakmp authorization list groupauthĬrypto map CompanyVPN client configuration address respondĬrypto map CompanyVPN 200 ipsec-isakmp dynamic DynamicPeers The configuration of the mainoffice router is as simple as providing Cisco VPN client access to roadwarriors:Īaa authorization network groupauth local The first usable IP address is assigned to the Cisco router. The IP subnet of our mainoffice is 192.168.1.0 /24 and our branch office has the subnet 192.168.2.0 /24 (yes, I want to keep it simple ^^). So the easiest way to connect a branch office router via IPsec VPN protocol to the central network address is using a Cisco EasyVPN connection with network-extension mode. In Germany some internetprovider doesn’t offer a static WAN IP address.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |