Cisco SOHO 97 / ADSL / Remote-Access VPN
Here is a configuration for the Cisco SOHO 97 modem-router with a standard ADSL connection and a remote-access VPN for roaming users:
Current configuration : 2945 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable password xxx
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
username cisco password 0 cisco
!
!
!
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpn-group
 key vpn-key
 domain xxx
 dns xxxx xxxx
 pool dhcp-client-vpn
 acl 106
!
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
!
!
!
crypto dynamic-map vpn-group 1
!
crypto dynamic-map vpnusers 1
 set transform-set tr-des-md5
!
!
!
crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 hold-queue 100 out
 crypto map cm-cryptomap
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname xxx
 ppp chap password xxx
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map cm-cryptomap
 hold-queue 224 in
!
ip local pool dhcp-client-vpn 192.168.2.100 192.168.2.110
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 Dialer1
ip route 192.168.2.0 255.255.255.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 192.168.1.xx interface Dialer1
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 106 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password xxx
 login
!
scheduler max-task-time 5000
end
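
An added example, not part of the original page: a small Python audit that flags the weak settings visible in the configuration above, namely passwords stored without a hash, an ISAKMP policy with no `encr` line (which falls back to the IOS 12.4 default, DES), and a dynamic map that actually references a DES, MD5 or null transform set. The function name `audit`, the finding labels and the `WEAK_ESP` set are assumptions of this example; the sample input is an excerpt of lines from the configuration above.

```python
import re

WEAK_ESP = {"esp-null", "esp-des", "esp-md5-hmac"}  # treated as weak in this example
# Constructed sample: excerpt of lines taken from the configuration above
SAMPLE = """\
no service password-encryption
enable password xxx
username cisco password 0 cisco
crypto isakmp policy 1
 authentication pre-share
crypto isakmp policy 2
 encr 3des
 authentication pre-share
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto dynamic-map vpnusers 1
 set transform-set tr-des-md5
"""

def audit(config):
    """Return a sorted list of (finding, detail) tuples for IOS config text."""
    findings, tsets, policies, policy = set(), {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            policy = None  # a top-level line closes the current ISAKMP policy block
        if m := re.match(r"crypto isakmp policy (\d+)$", line):
            policy = m.group(1)
            policies[policy] = []
        elif policy is not None:
            policies[policy].append(line)
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)$", line):
            tsets[m.group(1)] = set(m.group(2).split())
        elif m := re.match(r"set transform-set (.+)$", line):
            for name in m.group(1).split():  # only sets a map really uses
                weak = sorted(tsets.get(name, set()) & WEAK_ESP)
                if weak:
                    findings.add(("weak-transform-in-use", f"{name}: {' '.join(weak)}"))
        elif re.match(r"(enable password|username \S+ password 0) ", line):
            # report the command and user name only, never the secret itself
            findings.add(("weak-password-storage", " ".join(line.split()[:2])))
        elif line == "no service password-encryption":
            findings.add(("password-encryption-off", line))
    for num, body in policies.items():
        if not any(l.startswith("encr") for l in body):
            findings.add(("isakmp-default-des", f"policy {num}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The transform sets `tr-null-sha` and `tr-des-sha` in the full configuration are defined but not referenced by any map, so only `tr-des-md5` is reported as in use.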