Simple road warrior IPv4 VPN configuration in Cisco IOS

ios ipv4 vpn cisco

You're looking for a remote access VPN. Cisco Docs

Also you should probably look at the Cisco Secure VPN Client Solutions Guide


Here's what I've come up with, this should be a decent starting point for creating a VPN configuration. I'm not sure that it's minimal per se, but it should get anybody that's looking for this up and running.

The Cisco Secure VPN Client Solutions Guide that Zypher pointed to was very useful for creating this - there are some good examples in there if you can sift through it.

aaa new-model

! Create a vpn-users DB that points to the local auth service
aaa authentication login vpn-users local
aaa authorization network vpn-users local

! any local user will be allowed to use the VPN
username fred secret 5 SECRET

! Create an ISAKMP policy that handles the ISAKMP negotiation process
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 120 15
crypto isakmp xauth timeout 60

! Group policy for ISAKMP
crypto isakmp client configuration group default
 key PLAINTEXT_KEY
 dns LOCAL_DNS_SERVERS
 domain LOCAL_DOMAIN
 pool vpn-dynamic-pool

! VPN clients will be assigned addresses out of this pool
ip local pool vpn-dynamic-pool 192.168.2.1 192.168.2.254

! Create transform sets that specify how the actual IPSEC traffic will be encrypted
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-LZS esp-aes esp-sha-hmac comp-lzs

! Create IPSEC policies - any negotiated transform scheme must be specified
! in the map below
crypto dynamic-map vpn-dynamic-map 1
 set transform-set ESP-AES-128-SHA-LZS
crypto dynamic-map vpn-dynamic-map 2
 set transform-set ESP-AES-128-SHA

! 
crypto map vpn-dynamic client authentication list vpn-users
crypto map vpn-dynamic client configuration address respond
crypto map vpn-dynamic isakmp authorization list vpn-users
crypto map vpn-dynamic 1 ipsec-isakmp dynamic vpn-dynamic-map

! Apply the IPSEC map to the external interface
interface ExternalInterface/0
 crypto map vpn-dynamic

Related

Running sinatra program [Kibana] behind nginx reverse proxy in web directory
KVM snapshotting. How to see what's inside the qcow2 file?
Explorer dies on XP Pro in a Windows 2003 network
Windows Server 2003 forgets folder shares from ISCSI-Volume after restart
ProFTPD - Failed to retrieve directory listing while using TLS
Is there difference if you are running 32bit Linux on low end VPS instead of 64bit in memory consumption?
Child Domain Migration to Parent Domain
Is there a common term for source and destination? [closed]
"Knowledgeable about" vs. "knowledgeable on" vs. "knowledgeable in"
What's an evidential basis for discussing gender-neutrality of terms? [closed]
Why does a Cheshire cat grin, and how long has it been doing so?
Is "Where do you sit?" correct for asking someone where their workspace is?