Cisco SOHO 97 / ADSL / Remote-Access VPN

Here is a configuration for the Cisco SOHO 97 modem-router with a standard ADSL connection and a remote-access VPN for roaming clients:

Current configuration : 2945 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable password xxx
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!
!
username cisco password 0 cisco
!
!
!
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpn-group
 key vpn-key
 domain xxx
 dns xxxx xxxx
 pool dhcp-client-vpn
 acl 106
!
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
!
!
!
crypto dynamic-map vpn-group 1
!
crypto dynamic-map vpnusers 1
 set transform-set tr-des-md5
!
!
!
crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 hold-queue 100 out
 crypto map cm-cryptomap
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname xxx
 ppp chap password xxx
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map cm-cryptomap
 hold-queue 224 in
!
ip local pool dhcp-client-vpn 192.168.2.100 192.168.2.110
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 Dialer1
ip route 192.168.2.0 255.255.255.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 192.168.1.xx interface Dialer1
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 106 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password xxx
 login
!
scheduler max-task-time 5000
end
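
A review aid for the configuration above, added here and not part of the original post: a small Python audit that flags cleartext credentials, ISAKMP policies left at the IOS 12.4 defaults (DES, Diffie-Hellman group 1) because they set no `encr` or `group`, and weak IPsec transform sets, noting which of those a dynamic map actually references. The rule names and the `audit` function are labels chosen for this example, and the sample input is an excerpt of the lines above.

```python
# Constructed sample: lines excerpted from the configuration above.
SAMPLE = """\
enable password xxx
username cisco password 0 cisco
crypto isakmp policy 1
 authentication pre-share
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto dynamic-map vpnusers 1
 set transform-set tr-des-md5
"""

WEAK = {"esp-null": "no encryption", "esp-des": "56-bit DES",
        "esp-md5-hmac": "MD5 integrity"}

def audit(config):
    # Returns sorted (rule, detail) pairs; rule names are labels made up for this example.
    found, sets, used, policies, cur = set(), {}, set(), {}, None
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0] in ("!", "crypto"):
            cur = None                      # a new section closes the policy block
        if w[:3] == ["crypto", "isakmp", "policy"]:
            cur = policies.setdefault(w[3], set())
        elif cur is not None and w:
            cur.add(w[0])                   # sub-command keyword: encr, group, ...
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            sets[w[3]] = w[4:]
        elif w[:2] == ["set", "transform-set"]:
            used.update(w[2:])
        elif w[:2] == ["enable", "password"]:
            found.add(("enable-password", "use 'enable secret' instead"))
        elif w[:1] == ["username"] and w[2:4] == ["password", "0"]:
            found.add(("cleartext-user", w[1]))
    for num, keys in policies.items():      # IOS 12.4 policy defaults: DES, DH group 1
        for kw, rule in (("encr", "isakmp-default-des"), ("group", "isakmp-default-group1")):
            if kw not in keys:
                found.add((rule, "policy " + num))
    for name, transforms in sets.items():
        for t in (t for t in transforms if t in WEAK):
            state = "in use" if name in used else "defined only"
            found.add(("weak-transform", f"{name} {t} ({WEAK[t]}), {state}"))
    return sorted(found)
```

On the sample, the only transform set a dynamic map references is `tr-des-md5`, so the DES and MD5 findings marked "in use" are the ones that affect negotiated tunnels.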
