[VPN] Re: Best way to setup VPN for clients?
Aida Lumbreras
aidamx at kukulkan.net
Sun Jun 12 16:40:13 EDT 2005
The easiest and faster would be to configure cisco vpn clients. You
can download the software from the following link:
http://www.cisco.com/cgi-bin/tablebuild.pl/vpnclient-3des
and redistribute it to your colleges.
And here are the steps to configure cvpn client on the pix:
Define a pool of address to assign the clients
ip local pool poolclient 10.1.2.1-10.1.2.254
Configure Phase 1 and Phase 2
PHASE 1
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp enable outside
isakmp nat-traversal 20
PHASE 2
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
VPN CLIENT
vpngroup vpn3000 address-pool poolclient
vpngroup vpn3000 dns-server <ip address>
vpngroup vpn3000 wins-server <ip address>
vpngroup vpn3000 split-tunnel split
vpngroup vpn3000 idle-time 1800
vpngroup vpn3000 password <type a password>
access-list split permit ip <internal network> 255.255.255.0
10.1.2.0 255.255.255.0
access-list nonat permit ip <internal network> 255.255.255.0 10.1.2.0
255.255.255.0
nat (inside) 0 access-list nonat
Hope this helps!
Aida Lumbreras
More information about the VPN
mailing list