EZVPN is a client/server VPN solution where dynamic tunnels are created.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/12-4t/sec-sec-for-vpns-w-ipsec-12-4t-book/sec-ipsec-virt-tunnl.html

In IPsec, you need to remember three things:

Who: who the endpoint is
What: the proxy ACL
How: the transform set

!!!!SERVER
!
!!Configure authentication.  Local for testing
!
aaa new-model
aaa authentication login local_list local
aaa authorization network local_list local
aaa session-id common
!        
username cisco password cisco
!
!!Create isakmp policy for phase 1.
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 hash sha
!
!!Create IP pool
!
ip local pool group1pool 192.168.1.1 192.168.1.254
!
!!Create split tunnel ACL
!
ip access-list extended SPLIT_ACL
 permit ip 172.16.0.0 0.0.255.255 any
!
!!Isakmp phase 1.5.  Create isakmp group config.
!
crypto isakmp client configuration group group1
 key cisco
 pool group1pool
 save-password
 acl SPLIT_ACL
!
!!Isakmp dynamic profile config.  Phase 1.5
!
crypto isakmp profile vpn1-ra
   match identity group group1
   client authentication list local_list
   isakmp authorization list local_list
   client configuration address respond
   virtual-template 1
!
!!Create transform set for phase 2
!
crypto ipsec transform-set VTI-TS esp-3des esp-sha-hmac
!
!!Apply transform set to phase 2 profile.
!
crypto ipsec profile test-vti1
 set transform-set VTI-TS
!
!!Configure DVTI interface
!
interface Virtual-Template1 type tunnel
 ip unnumbered loopback0
 ip virtual-reassembly
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile test-vti1
!
!
!!!!!!CLIENT
!
!!Configure client section.
!
crypto ipsec client ezvpn xauth
 connect manual
 mode network-extension
 xauth userid mode interactive
crypto ipsec client ezvpn EZVPN_CLIENT_GROUP
 connect auto
 group group1 key cisco
 mode client
 peer 200.0.23.3
 xauth userid mode interactive
!
!!Assign inside and outside interfaces
!
interface FastEthernet0/0
 ip address 10.0.56.5 255.255.255.0
 duplex auto
 speed auto
 crypto ipsec client ezvpn EZVPN_CLIENT_GROUP inside
!
interface FastEthernet0/1
 ip address 10.0.125.5 255.255.255.0
 duplex auto
 speed auto
 crypto ipsec client ezvpn EZVPN_CLIENT_GROUP
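
An added example, not part of the original post: a small Python audit that tracks IOS section context and flags the lab-grade settings in the configs above (3DES, DH group 2, SHA-1, short pre-shared key, save-password). The rule list, the 16-character key threshold and the `audit` function name are this example's assumptions; the sample lines are copied from the configs above.

```python
import re

# Constructed sample: crypto-relevant lines copied from the server and client configs above.
SAMPLE = """\
username cisco password cisco
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 hash sha
crypto isakmp client configuration group group1
 key cisco
 save-password
crypto ipsec transform-set VTI-TS esp-3des esp-sha-hmac
crypto ipsec client ezvpn EZVPN_CLIENT_GROUP
 group group1 key cisco
"""

# (section prefix, line regex, finding). Rule wording and the 16-char threshold are this example's choices.
RULES = [
    ("username ", r"^username \S+ password ", "user stored with 'password', not 'secret'"),
    ("crypto isakmp policy", r"^encr\S* (des|3des)$", "phase 1 uses DES/3DES"),
    ("crypto isakmp policy", r"^group (1|2|5)$", "phase 1 DH group under 2048 bits"),
    ("crypto isakmp policy", r"^hash (md5|sha)$", "phase 1 uses MD5/SHA-1"),
    ("crypto isakmp client configuration group", r"^key (\d )?\S{1,15}$", "group pre-shared key under 16 chars"),
    ("crypto isakmp client configuration group", r"^save-password$", "client may store XAUTH password"),
    ("crypto ipsec transform-set", r"\besp-(des|3des)\b", "phase 2 uses DES/3DES"),
    ("crypto ipsec transform-set", r"\besp-(md5|sha)-hmac\b", "phase 2 uses MD5/SHA-1 HMAC"),
    ("crypto ipsec client ezvpn", r"^group \S+ key (\d )?\S{1,15}$", "group pre-shared key under 16 chars"),
]

def audit(config):
    """Return (line_no, section, finding) for each weak setting, tracking IOS section context."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and IOS comments
        if not raw[0].isspace():
            section = line  # an unindented line opens a new top-level section
        for prefix, pattern, finding in RULES:
            if section.startswith(prefix) and re.search(pattern, line):
                findings.append((no, section, finding))
    return findings

if __name__ == "__main__":
    for no, section, finding in audit(SAMPLE):
        print(f"line {no}: [{section}] {finding}")
```

Because rules are scoped by section, `group 2` under the ISAKMP policy is flagged as a DH group while `group group1 key cisco` under the EZVPN client is checked only as a pre-shared key.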

!!!!!!!WINDOWS CLIENT
