Cisco VPN Client Configuration - Setup for IOS Router
-
Upload
fg272056423 -
Category
Documents
-
view
240 -
download
0
Transcript of Cisco VPN Client Configuration - Setup for IOS Router
-
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
1/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
1ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
Cisco VPN Client Configuration - Setup for IOS Router(16 votes, average 4.63 out of 5)
Written by Adminis trator
Saturday, 10 September 2011 00:35
Remote VPN access is an extremely popular service amongst Cisco routers and ASA Firewalls. The flexibility of having remo
access to our corporate network and its resources literally from anywhere in the world, has proven extremely useful and
many cases irreplaceable. All that is required is fast Internet connection and your user credentials to log in all the rest ar
taken care by your Cisco router or firewall appliance.
To initiate the connection, we us e the Cisco VPN client, available for Windows operating systems (XP, Vista, Windows 7 - 32
64bit), Linux, Mac OS X10.4 & 10.5 and Solaris UltraSPARC (32 & 64bit), making it widely available for most users around th
globe. Cisco VPN Clients are available for download from ourCisco Download section.
The Cisco VPN also introduces the concept of Split Tunneling'. Split tunneling is a feature that allows a remote VPN clien
access the company's LAN, but at the same time surf the Internet. In this setup, only traffic des tined to the company's LAN
sent through the VPN tunnel (encrypted) while all other traffic (Internet) is routed normally as it would if the user was n
connected to the company VPN.
Some companies have a strict policy that does not allow the remote VPN client access the Internet while connected to th
company network (split tunneling disabled) while others allow res tricted access to the Internet via the VPN tunnel (rare)! In th
case, all traffic is tunnelled through the VPN and there's usually a web proxy that will provide the remote client restricte
Internet access.
From all the above, split tunneling is the most common configuration of Cisco VPN configuration today, however fo
educational purposes, we will be covering all methods.
Setting up a Cisco router to accept remote Cisco VPN clients is not an extremely difficult task. Following each step shown this article will guarantee it will work flawlessly.
Below is a typical diagram of a company network providing VPN access to remote users in order to access the company
network resources.
The VPN established is an IPSec secure tunnel and all traffic is encrypted using the configured encryption algorithm:
TweetTweetShareShare Like Send 66 people like this. Sign
Up to see what your
friends like.
http://www.facebook.com/campaign/landing.php?campaign_id=137675572948107&partner_id=firewall.cx&placement=like_plugin&extra_1=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ftmpl%3Dcomponent%26print%3D1%26page&extra_2=CAhttps://twitter.com/intent/tweet?original_referer=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ftmpl%3Dcomponent%26print%3D1%26page%3D&text=Cisco%20VPN%20Client%20Configuration%20-%20Setup%20for%20IOS%20Router&tw_p=tweetbutton&url=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.htmlhttp://www.firewall.cx/downloads/cat_view/167-cisco-tools-a-applications.htmlhttp://www.addthis.com/bookmark.phphttp://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html# -
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
2/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
2ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
The Cisco IPSec VPN has two levels of protection as far as credentials concern. The remote client must have valid grou
authentication credential, followed by valid user credential.
The group credentials are entered once and s tored in the VPN connection entry, however the user credentials are not store
and requested every time a connection is established:
We should note that configuring your router to support Point-to-Point Tunnel Protocol VPN (PPTP) is an alternative method an
covered on ourCisco PPTP Router Configuration article, however PPTP VPN is an older, less secure and less flexib
solution. We highly recommend us ing Cis co IPSec VPN only.
In order to configure Cisco IPSec VPN client support, the router must be running at least the 'Advanced Security' IOS otherwis
mos t of the comm ands that follow wil l not be available at the CLI prompt!
To begin, we need to enable the router's 'aaa model' which stands for 'Authentication, Authorisation and Accounting'. AA
provides a method for identifying users who are logged in to a router and have access to servers or other resources.
AAA also identifies the level of acces s that has been granted to each us er and monitors user activity to produce accountin
information.
We enable the 'aaa new-model' service followed by X-Auth for user authentication and then group authentication (netwo
vpn_group_ml_1):
R1# configure terminal
R1(config)# aaa new-model
R1(config)# aaa authentication login default local
R1(config)# aaa authentication login vpn_xauth_ml_1 local
R1(config)# aaa authentication login sslvpn local
R1(config)# aaa authorization network vpn_group_ml_1 local
R1(config)# aaa session-id common
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/329-cisco-router-pptp-server.html -
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
3/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
3ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
When trying to establish an IPSec tunnel, there are two main phase negotiations where the remote client negotiates th
security policies and encryption method with the Cisco VPN router.
Now we create the user accounts that will be provided to our remote users. Each time they try to connect to our VPN, they w
be required to enter this information:
R1(config)# username adminitrator secret $cisco$firewall
R1(config)# username firewallcx secret $fir3w@ll!
We next create an Internet Security Association and Key Management Protocol (ISAKMP) policy for Phase 1 negotiations. this example, we've create two ISAKMP policies, and configure the encryption (encr), authentication method, hash algorith
and set the Diffie-Hellman group:
R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)#
R1(config-isakmp)#crypto isakmp policy 2
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash md5R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# exit
We now create a group and configure the DNS server and other parameters as required. These parameters are passed dow
to the client as s oon as it success fully authenticates to the group:
R1(config)# crypto isakmp client configuration group CCLIENT-VPN
R1(config-isakmp-group)# key firewall.cx
R1(config-isakmp-group)# dns 10.0.0.10
R1(config-isakmp-group)# pool VPN-PoolR1(config-isakmp-group)# acl 120
R1(config-isakmp-group)# max-users 5
R1(config-isakmp-group)# exit
R1(config)# ip local pool VPN-Pool 192.168.0.20 192.168.0.25
The above configuration is for the 'CCLIENT-VPN' group with a pre-share key (authentication method configured previously)
'firewall.cx'. Users authenticating to this group will have theirDNS set to 10.0.0.10. A maximum of5 users are allowed
connect simultaneously to this group and will have access to the resources governed by access-list 120.
Lastly, users authenticating to this group will obtain their IP address from the pool named 'VPN-Pool' that provides the range
IP address: 192.168.0.20 up to 192.168.0.25.
Creation of the Phase 2 Policy is next. This is for actual data encryption & IPSec phase 2 authentication:
R1(config)# crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
R1(cfg-crypto-trans)#
The transformation named 'encrypto-method-1 ' is then applied to an IPSec profile named 'VPN-Profile-1 ':
R1(config)# crypto ipsec profile VPN-Profile-1
R1(ipsec-profile)# set transform-set encrypt-method-1
-
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
4/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
4ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
Note the encryption and authentication method of our IPSec crypto tunnel as shown by a connected VPN client to the rout
with the above configuration:
Now its time to start binding all the above together by creating a virtual-template interface that will act as a 'virtual interface' fo
our incoming VPN clients. Remote VPN clients will obtain an IP address that is part of our internal network (see diagra
above - 192.168.0.x/24) so we therefore do not require this virtual interface to have an ip address and configure it as an '
unnumbered' interface on our router's LAN interface.
Setting an interface as an ip unnum bered enables IP process ing through i t without ass igning an explicit IP address , howev
you must bind it to a physical interface that does have an IP address configured, usually your LAN interface:
R1(config)# interface Virtual-Template2 type tunnel
R1(config-if)# ip unnumbered FastEthernet0/0
R1(config-if)# tunnel mode ipsec ipv4
R1(config-if)# tunnel protection ipsec profile VPN-Profile-1
Above, our virtual template also inherits our configured encryption method via the 'ipsec profile VPN-Profile-1' comman
which sets the transform method to 'encrypt-method-1' (check previous configuration block) which in turn equals to 'esp-3de
esp-sha-hmac '.
Notice how Cisco's CLI configuration follows a logical structure. You configure specific parameters which are then used
other sections of the configuration. If this logic is understood by the engineer, then decoding any given Cisco configuratio
becomes an easy task.
So far we've enabled the authentication mechanisms (aaa), created an ISAKMP policy, created the VPN group and set it
parameters, configured the encryption method (transform-set) and binded it to the virtual template the remote VPN user w
connect to.
Second-last step is to create one last ISAKMP profile to connect the VPN group with the virtual template:
R1(config)# crypto isakmp profile vpn-ike-profile-1
R1(conf-isa-prof)# match identity group CCLIENT-VPN
R1(conf-isa-prof)# client authentication list vpn_xauth_ml_1
R1(conf-isa-prof)# isakmp authorization list vpn_group_ml_1
-
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
5/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
5ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
R1(conf-isa-prof)# client configuration address respond
R1(conf-isa-prof)# virtual-template 2
Last step is the creation of our access lists that will control the VPN traffic to be tunnelled, effectively controlling what our VP
users are able to access remotely.
Once that's done, we need to add a 'no NAT' statement so that traffic exiting the router and heading toward the VPN user i
preserved with its private IP address, otherwise packets sent through the tunnel by the router, wi ll be NAT'ed and therefo
rejected by the remote VPN Client.
When NAT is enabled through a VPN tunnel, the remote user sees the tunnelled traffic coming from the router's public
address , when in fact it should be from the router's private IP address.
We ass ume the following s tandard NAT configuration to provide Internet access to the company's LAN network:
R1#show running-config
ip nat inside source list 100 interface Dialer1 overload
access-list 100 remark -=[Internet NAT Service]=-
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 remark
Based on the above, we proceed with our configuration. First, we need to restrict access to our remote VPN users , so that th
only access our SQL server with IP address 192.168.0.6 (access-list 120), then we deny NAT (access-list 100) to our remo
VPN Pool IP range:
R1(config)# access-list 120 remark ==[Cisco VPN Users]==
R1(config)# access-list 120 permit ip host 192.168.0.6 host 192.168.0.20
R1(config)# access-list 120 permit ip host 192.168.0.6 host 192.168.0.21
R1(config)# access-list 120 permit ip host 192.168.0.6 host 192.168.0.22
R1(config)# access-list 120 permit ip host 192.168.0.6 host 192.168.0.23
R1(config)# access-list 120 permit ip host 192.168.0.6 host 192.168.0.24
R1(config)# access-list 120 permit ip host 192.168.0.6 host 192.168.0.25
R1(config)# no access-list 100
R1(config)# access-list 100 remark [Deny NAT for VPN Clients]=-
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.20
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.21
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.22
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.23
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.24
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.25
R1(config)# access-list 100 remarkR1(config)# access-list 100 remark -=[Internet NAT Service]=-
R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any
Note that for access-list 100, we could either 'deny ip host 192.168.0.6' to our remote clients, or as shown, deny th
192.168.0.0/24 network. What's the difference? Practically none. Denying your whole network the NAT service toward yo
remote clients, will m ake it easier for any future additions.
If for example there was a need to deny NAT for another 5 servers so they can reach remote VPN clients, then the access-li
100 would need to be edited to include these new hosts, where as now it's already taken care of. Remember, with access-lis
-
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
6/12
Cisco VPN C lient Configuration - Setup f or IOS Router
6ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
100 we are simply controlling the NAT function , not the access the remote clients have (done with access-list 120 in o
example.
At this point, the Cisco VPN configuration is complete and fully functional.
Split Tunneling
We mentioned in the beginning of this article that we would cover split tunneling and full tunneling methods for our VP
clients. You'll be pleased to know that this functionality is solely determined by the group's access-lists, which our case
access-list 120.
If we wanted to tunnel all traffic from the VPN client to our network, we would use the following access-list 120 configuration:
R1(config)# access-list 120 remark ==[Cisco VPN Users]==
R1(config)# access-list 120 permit ip any host 192.168.0.20
R1(config)# access-list 120 permit ip any host 192.168.0.21
R1(config)# access-list 120 permit ip any host 192.168.0.22
R1(config)# access-list 120 permit ip any host 192.168.0.23
R1(config)# access-list 120 permit ip any host 192.168.0.24
R1(config)# access-list 120 permit ip any host 192.168.0.25
In another example, if we wanted to provide our VPN clients access to networks 10.0.0.0/24, 10.10.10.0/24 & 192.168.0.0/2
here's what the access -list 120 would look like (this scenario requires modification of NAT access -list 100 as well):
R1(config)# access-list 120 remark ==[Cisco VPN Users]==
R1(config)# access-list 120 permit ip 10.0.0.0 0.0.0.255 host 192.168.0.20
R1(config)# access-list 120 permit ip 10.0.0.0 0.0.0.255 host 192.168.0.21
R1(config)# access-list 120 permit ip 10.0.0.0 0.0.0.255 host 192.168.0.22
R1(config)# access-list 120 permit ip 10.0.0.0 0.0.0.255 host 192.168.0.23
R1(config)# access-list 120 permit ip 10.0.0.0 0.0.0.255 host 192.168.0.24
R1(config)# access-list 120 permit ip 10.0.0.0 0.0.0.255 host 192.168.0.25
R1(config)#
R1(config)# access-list 120 permit ip 10.10.10.0 0.0.0.255 host 192.168.0.20
R1(config)# access-list 120 permit ip 10.10.10.0 0.0.0.255 host 192.168.0.21
R1(config)# access-list 120 permit ip 10.10.10.0 0.0.0.255 host 192.168.0.22
R1(config)# access-list 120 permit ip 10.10.10.0 0.0.0.255 host 192.168.0.23
R1(config)# access-list 120 permit ip 10.10.10.0 0.0.0.255 host 192.168.0.24
R1(config)# access-list 120 permit ip 10.10.10.0 0.0.0.255 host 192.168.0.25
R1(config)#
R1(config)#
R1(config)# access-list 120 permit ip 192.168.0.0 0.0.0.255 host 192.168.0.20
R1(config)# access-list 120 permit ip 192.168.0.0 0.0.0.255 host 192.168.0.21
R1(config)# access-list 120 permit ip 192.168.0.0 0.0.0.255 host 192.168.0.22R1(config)# access-list 120 permit ip 192.168.0.0 0.0.0.255 host 192.168.0.23
R1(config)# access-list 120 permit ip 192.168.0.0 0.0.0.255 host 192.168.0.24
R1(config)# access-list 120 permit ip 192.168.0.0 0.0.0.255 host 192.168.0.25
R1(config)#
R1(config)#
R1(config)# no access-list 100
R1(config)# access-list 100 remark [Deny NAT for VPN Clients]=-
R1(config)# access-list 100 deny ip 10.0.0.0 0.0.0.255 host 192.168.0.20
R1(config)# access-list 100 deny ip 10.0.0.0 0.0.0.255 host 192.168.0.21
R1(config)# access-list 100 deny ip 10.0.0.0 0.0.0.255 host 192.168.0.22
-
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
7/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
7ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
R1(config)# access-list 100 deny ip 10.0.0.0 0.0.0.255 host 192.168.0.23
R1(config)# access-list 100 deny ip 10.0.0.0 0.0.0.255 host 192.168.0.24
R1(config)# access-list 100 deny ip 10.0.0.0 0.0.0.255 host 192.168.0.25
R1(config)#
R1(config)#
R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 host 192.168.0.20
R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 host 192.168.0.21
R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 host 192.168.0.22
R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 host 192.168.0.23R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 host 192.168.0.24
R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 host 192.168.0.25
R1(config)#
R1(config)#
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.20
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.21
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.22
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.23
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.24
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.25
R1(config)# access-list 100 remark
R1(config)# access-list 100 remark -=[Internet NAT Service]=-
R1(config)# access-list 100 permit ip 10.0.0.0 0.0.0.255 any
R1(config)# access-list 100 permit ip 10.10.10.0 0.0.0.255 any
R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any
When the VPN client connects, should we go to the connection's statistics, we would see the 3 networks under the secu
routes, indicating all traffic toward these networks is tunnelled through the VPN:
-
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
8/12ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
Cisco VPN Configuration Tips
It is evident from our last example with the tunneling of our 3 networks, that should our VPN IP address pool be larger, fo
example 50 IP addresses, then we would have to enter 50 IPs x 3 Networks = 150 lines of code just for the access-list 12
plus another 150 lines for access -list 100 (no NAT)! That is qui te a task indeed!
To help cut down the configuration to just a couple of lines , this is the alternative code that would be used and have the sam
effect:
Mark VPN Traffic to be tunnelled:
R1(config)# access-list 120 remark ==[Cisco VPN Users]==
R1(config)# access-list 120 permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
R1(config)# access-list 120 permit ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.0.255
R1(config)# access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
Do not NAT any traffic from our LANs toward VPN clients, but NAT everything else des tined to the Internet:
R1(config)# access-list 100 remark [Deny NAT for VPN Clients]=-
R1(config)# access-list 100 deny ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 192.168.0.0 0.0.0.255
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
R1(config)# access-list 100 remark
R1(config)# access-list 100 remark -=[Internet NAT Service]=-
R1(config)# access-list 100 permit ip 10.0.0.0 0.0.0.255 any
R1(config)# access-list 100 permit ip 10.10.10.0 0.0.0.255 any
R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any
The access-list 120 tells the router to tunnel all traffic from the three networks to our VPN clients who's IP address will be i
the 192.168.0.0/24 range!
So, if the VPN client received from the VPN Pool, IP address 192.168.0.23 or 192.168.0.49, it really wouldn't matter as th
'192.168.0.0 0.0.0.255' statement at the end of each access-lis t 120 covers both 192.168.0.23 & 192.168.0.49. Even replacin
the '192.168.0.0 0.0.0.255' with the 'any' statement would have the same effect.
For 'access-list 100' that controls the NAT service, we cannot us e the 'any' statement at the end of the DENY portion of th
ACLs , because it would exclude NAT for all networks (public and private) therefore completely disabling NAT and as a resu
Internet access.
As a last note, if it was required the VPN cl ients to be provided with an IP addres s range different from that of the internnetwork (e.g 192.168.50.0/24), then the following minor changes to the configuration would have to be made:
R1(config)# crypto isakmp client configuration group CCLIENT-VPN
R1(config-isakmp-group)# key firewall.cx
R1(config-isakmp-group)# dns 10.0.0.10
R1(config-isakmp-group)# pool VPN-Pool
R1(config-isakmp-group)# acl 120
R1(config-isakmp-group)# max-users 5
R1(config-isakmp-group)# exit
R1(config)#
-
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
9/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
9ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
R1(config)# ip local pool VPN-Pool 192.168.50.10 192.168.50.25
R1(config)#
R1(config)# interface Virtual-Template2 type tunnel
R1(config-if)# ip address 192.168.50.1 255.255.255.0
R1(config-if)# tunnel mode ipsec ipv4
R1(config-if)# tunnel protection ipsec profile VPN-Profile-1
Assuming 3 internal networks
Mark VPN Traffic to be tunnelled:
R1(config)# access-list 120 remark ==[Cisco VPN Users]==
R1(config)# access-list 120 permit ip 10.0.0.0 0.0.0.255 192.168.50.0 0.0.0.255
R1(config)# access-list 120 permit ip 10.10.10.0 0.0.0.255 192.168.50.0 0.0.0.255
R1(config)# access-list 120 permit ip 192.168.0.0 0.0.0.255 192.168.50.0 0.0.0.255
Do not NAT any traffic from our LANs toward VPN clients, but NAT everything else des tined to the Internet:
R1(config)# access-list 100 remark [Deny NAT for VPN Clients]=-
R1(config)# access-list 100 deny ip 10.0.0.0 0.0.0.255 192.168.50.0 0.0.0.255
R1(config)# access-list 100 deny ip 10.10.10.0 0.0.0.255 192.168.50.0 0.0.0.255
R1(config)# access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.50.0 0.0.0.255
R1(config)# access-list 100 remark
R1(config)# access-list 100 remark -=[Internet NAT Service]=-
R1(config)# access-list 100 permit ip 10.0.0.0 0.0.0.255 any
R1(config)# access-list 100 permit ip 10.10.10.0 0.0.0.255 any
R1(config)# access-list 100 permit ip 192.168.0.0 0.0.0.255 any
Article Summary
This article explained the fundamentals of Cisco's VPN client and features it offers to allow the remote and s ecure connectio
of users to their corporate networks from anywhere in the world.
We examined the necessary steps and commands required on a Cisco router to setup and configure it to accept Cisco VP
client connections. Detailed explanation was provided for every configuration step, along with the necessary diagrams an
screenshots.
Split tunneling was explained and covered, showing how to configure the Cisco VPN clients access only to the require
internal networks while maintaining access to the Internet.
Lastly, a few tips were presented to help make the Cisco VPN configuration a lot easier for large and more complex networks
If you have found the article useful, we would really appreciate you sharing it with others by using the provided services on th
top left corner of this article. Sharing our articles takes only a minute of your time and helps Firewall.cx reach more peopl
through such services.
Add a comment14 comments
http://www.facebook.com/mashlikethepotatohttp://www.facebook.com/mashlikethepotatohttp://www.facebook.com/pages/Knowles-Hill-School/110978425593547http://www.facebook.com/mashlikethepotatohttp://www.facebook.com/mashlikethepotatohttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html# -
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
10/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
10/1ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
Hi,
I used the configuration you left under thesection...
"As a last note, if it was required the VPN clients tobe provided with an IP address range different fromthat of the internal network (e.g 192.168.50.0/24),then the following minor changes to theconfiguration need to be made...
R1(config)# interface Virtual-Template2 typetunnel.R1(config-if)# ip address 192.168.50.1255.255.255.0 ".
Unfortunately this config stops all traffic beingsent/received.
I really want the VPN clients to have differentaddresses from the LAN. Can you advise what iswrong as I can see this is an after-thought?
Reply Like Friday at 08:431
Stuart Ellis UWE
Geek
Reply Like Friday at 17:27
NHarie Prakash University ofGreenwich
good!
Reply Like 12 December at 20:261
Nima Lama
Very useful. Thanks a lot :)Reply Like 12 July at 20:093
Rama Krishna
I know an IP, how to f ind to which port is itconnected if it is in vlan..
Reply Like 9 October at 11:59
Daniel Shaffer Omaha, Nebraska
This is great. I'd been searching for a good look atthis and your was by far more helpful than anything
else I've seen! Thanks
Reply Like 24 July at 13:511
Chris Partsenidis Thessalonki
Thanks Daniel for the feedback anddon't forget to share the site withothers!
Reply Like 24 July at 14:52
Poresh Chandra Roy Dhaka, Bangladesh
I love the topics.
http://www.facebook.com/poresh.royhttp://www.facebook.com/cpartsenidishttp://www.facebook.com/cpartsenidishttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/sayhello2krishnahttp://www.facebook.com/sayhello2krishnahttp://www.facebook.com/nimalama2003http://www.facebook.com/nimalama2003http://www.facebook.com/nimalama2003http://www.facebook.com/harie.prakashhttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_37346008_10152344363985085&h=lAQG4CCkJ&s=1http://www.facebook.com/mashlikethepotatohttp://www.facebook.com/mashlikethepotatohttp://www.facebook.com/mashlikethepotatohttp://www.facebook.com/pages/Dhaka-Bangladesh/101889586519301http://www.facebook.com/poresh.royhttp://www.facebook.com/poresh.royhttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/Thessalon%C3%ADki/108771489154906http://www.facebook.com/cpartsenidishttp://www.facebook.com/cpartsenidishttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_34150794_10151964284855085&h=6AQEsdnn1&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/Omaha-Nebraska/113132652033783https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_35810479_10152176336280085&h=RAQFHMz48&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/sayhello2krishnahttp://www.facebook.com/sayhello2krishnahttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_33907966_10151927769285085&h=6AQEsdnn1&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/nimalama2003http://www.facebook.com/nimalama2003https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_37314368_10152340564430085&h=cAQFPyjlr&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/University-of-Greenwich/113057668704990http://www.facebook.com/harie.prakashhttp://www.facebook.com/harie.prakashhttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/UWE/106291006076236http://www.facebook.com/stuart.ellis.3158http://www.facebook.com/stuart.ellis.3158https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_37346008_10152344363985085&h=lAQG4CCkJ&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/Knowles-Hill-School/110978425593547http://www.facebook.com/mashlikethepotatohttp://www.facebook.com/mashlikethepotato -
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
11/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
11/ww.f irewall.cx/cisc o-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html?tmpl
View 4 more
Facebook social plugin
Reply Like 26 July at 02:131
Rene Molenaar Owner at Self-employment
This is a well written configuration example for theEasy VPN IPSEC VPN with the virtual-template...thanks!
Reply Like 16 April at 13:013
Cleofas Dala Gestor de Redes integradas at
Dimension Data
I think this document is very important help me tocompreenshion all about vpn cconfiguration int therouter thanks a lot.
Reply Like 3 April at 03:141
Patrick Ware
Thank you. Very helpful! I may give this a try thisweekend!
Reply Like 27 April at 10:11
Mebaley Pierre Jessy Kevin Libreville, Gabon
sa consiste a fair quoi?
Reply Like 16 October at 02:251
Minko Le Jaune Works at DBS
INDUSTRY
A permettre a certain utilisateurnomade ou ttsimplement a certaintravailleur d'acceder au reseau de lasociete et aussi acceder a cesressources depuis chez eux...plus
besoin d'etre a son lieu de travail poureffectuer certaine tache, depuis cheztwa tu peux etre connecter sur lessystem de la boite tous ceux ci viainternet...C'est 1 peux sa le conceptederriere tous ce tralala...On dit kwa sava laba?
Reply Like 16 October at 02:40
Mebaley Pierre Jessy Kevin
Libreville, Gabon
merci sava on es la gramd
Reply Like 16 October at 02:42
Minko Le Jaune Works at DBS
INDUSTRY
Ok ma chery irma est a cote dtwa?
Reply Like 16 October at 02:43
https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/DBS-INDUSTRY/224405317570516https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/Libreville-Gabon/110266982329699http://www.facebook.com/mebaley.pierrejessykevinhttp://www.facebook.com/mebaley.pierrejessykevinhttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/DBS-INDUSTRY/224405317570516https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_35966500_10152192987580085&h=CAQFR4pma&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/Libreville-Gabon/110266982329699http://www.facebook.com/mebaley.pierrejessykevinhttp://www.facebook.com/mebaley.pierrejessykevinhttp://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_32146827_10151586861085085&h=RAQFHMz48&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/LowKeyPatrickhttp://www.facebook.com/LowKeyPatrickhttps://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_31528631_10151472545400085&h=uAQFhDDkq&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/Dimension-Data/112191772140249http://www.facebook.com/pages/Gestor-de-Redes-integradas/114991351979711http://www.facebook.com/cleofas.dala.7http://www.facebook.com/cleofas.dala.7https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_31861800_10151523767000085&h=9AQHEvsuW&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/pages/Self-employment/105738962794095http://www.facebook.com/pages/Owner/124442727602022http://www.facebook.com/renemolenaar82http://www.facebook.com/renemolenaar82https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html%3Ffb_comment_id%3Dfbc_10150918921910085_34183243_10151968869160085&h=CAQFR4pma&s=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://www.facebook.com/poresh.royhttp://developers.facebook.com/plugins/?footer=1https://www.facebook.com/plugins/comments.php?api_key=184508111659889&locale=en_GB&sdk=joey&channel_url=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D17%23cb%3Df372bb6634%26origin%3Dhttp%253A%252F%252Fwww.firewall.cx%252Ff23d5e72f4%26domain%3Dwww.firewall.cx%26relation%3Dparent.parent&colorscheme=dark&numposts=10&width=350&href=http%3A%2F%2Fwww.firewall.cx%2Fcisco-technical-knowledgebase%2Fcisco-routers%2F809-cisco-router-vpn-client.html#http://developers.facebook.com/plugins/?footer=1 -
7/27/2019 Cisco VPN Client Configuration - Setup for IOS Router
12/12
/16/12 Cisco VPN Client Configuration - Setup for IOS Router
Last Updated on Wednesday, 03 October 2012 21:25