Cisco VPN client:
Download:
http://rapidshare.de/files/48490766/vpnclient-win-msi-5.0.05.0290-k9.exe.html
Cisco VPN client configuration:
connection entry : meridiam
Description :
host: 190.41.x.x
Authentication :
Group Authentication :
Name : SALES
Password : xxxx
Transport :
IPSec over UDP
config :
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login VPNAUTHEN local
aaa authorization exec default local
aaa authorization network VPNAUTHOR local
username xxxx privilege 15 secret 5 $1$D9eL$4yQG.FuGc7LjR1eaNj128/
username xxxx privilege 15 secret 5 $1$xQwy$IvGhyALDuBI6r8jOo1peF.
username xxxx privilege 15 secret 5 $1$QKnE$fx.fmQbSlL0zMGdg3LgvY1
username xxxx privilege 15 secret 5 $1$SCG3$A9FeqoDymTTD2plsxY5ZS.
!
!
crypto isakmp policy 3
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group SALES
key cisco123
domain cisco.com
pool IPPOOL
acl 104
netmask 255.255.255.250
!
!
crypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac
!
crypto dynamic-map DYNMAP 10
set transform-set MYSET
reverse-route
!
!
crypto map CLIENTMAP client authentication list VPNAUTHEN
crypto map CLIENTMAP isakmp authorization list VPNAUTHOR
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP 10 ipsec-isakmp dynamic DYNMAP
interface Vlan1
ip address 137.135.128.15 255.255.255.0 secondary
ip address 192.168.110.5 255.255.255.0
no ip redirects
ip virtual-reassembly
ip route-cache flow
load-interval 30
crypto map CLIENTMAP
hold-queue 100 out
ip local pool IPPOOL 192.168.111.71 192.168.111.80
access-list 104 permit ip 192.168.110.0 0.0.0.255 any
config WEBVPN :
WebVPN
Generate PKI trustpoint
crypto pki trustpoint NETCONF.CO.UK
enrollment selfsigned
subject-name cn=webvpn.netconf.co.uk
revocation-check none
rsakeypair NETCONF.CO.UK-self-signed
!
crypto pki enroll NETCONF.CO.UK
Enable HTTPS
ip http server
ip http access-class 98
ip http authentication aaa
ip http secure-server
ip http path flash:
!
access-list 98 permit 217.205.209.128 0.0.0.15
access-list 98 deny any log
Create SSL Gateway
webvpn gateway SSL
hostname webvpn.netconf.co.uk
ip address INTERNET_ADDRESS port 443
ssl trustpoint NETCONF.CO.UK
inservice
Create SSL Contexts
webvpn context LETMEIN
title "WEBVPN.NETCONF.CO.UK: AUTHORISED ACCESS ONLY"
ssl authenticate verify all
!
port-forward "portlist"
local-port 22 remote-server "172.17.0.1" remote-port 22 description "SERVER1 SSH"
local-port 80 remote-server "172.17.0.1" remote-port 80 description "SERVER1 HTTP"
policy group default
port-forward "portlist"
default-group-policy default
gateway SSL domain letmein
max-users 1
inservice
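An added example, not part of the original post: a short Python check that reads the router configuration as pasted on this page (indentation lost) and lists the lines a reviewer would question before deploying it, such as the MD5 IKE hash, the small Diffie-Hellman group, the readable group key, the netmask, and the plain HTTP server. The rule set and the names `audit`, `contiguous`, `RULES` and `TOP_LEVEL` are this example's own assumptions, not a Cisco tool.

```python
import ipaddress
import re

# Top-level IOS keywords that start a new section (the pasted config has no indentation).
TOP_LEVEL = ("crypto ", "interface ", "ip ", "aaa ", "username ", "access-list ", "webvpn ")

# (section prefix, or None for any line; regex; finding). Rule set chosen for this example.
RULES = [
    ("crypto isakmp policy", r"hash md5", "IKE policy uses MD5"),
    ("crypto isakmp policy", r"group [125]", "IKE policy uses a DH group of 1536 bits or less"),
    ("crypto isakmp client configuration group", r"key \S+", "group pre-shared key readable in the config"),
    (None, r"ip http server", "plain HTTP server enabled"),
    (None, r"username \S+ privilege 15 secret 5 \S+", "privilege 15 user with a type 5 (MD5) secret"),
]

def contiguous(mask):
    """True when the dotted mask is a run of 1 bits followed only by 0 bits."""
    try:
        inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    except ValueError:
        return False
    return inv & (inv + 1) == 0

def audit(config):
    """Return (line_number, finding) pairs for a pasted IOS configuration."""
    findings, section = [], ""
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == "!" or line.startswith(TOP_LEVEL):
            section = "" if line == "!" else line
        for prefix, pattern, text in RULES:
            if (prefix is None or section.startswith(prefix)) and re.fullmatch(pattern, line):
                findings.append((n, text))
        m = re.fullmatch(r"netmask (\S+)", line)
        if m and not contiguous(m.group(1)):
            findings.append((n, "netmask %s is not a contiguous subnet mask" % m.group(1)))
    return findings

# Constructed sample: lines taken from the configuration on this page.
SAMPLE = """crypto isakmp policy 3
hash md5
group 2
!
crypto isakmp client configuration group SALES
key cisco123
netmask 255.255.255.250
ip http server
ip http secure-server
"""
```

Calling `audit()` on the full pasted configuration returns the line number and finding for each match, in file order.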