
Clueless - VPN


mrn

MIS
Apr 27, 2001
3,993
GB
I've been asked to setup a new connection on an existing VPN at a company I'm currently working at. They have just sold off the side of the business with the technical know-how.

If we are
1.1.1.1/8 int interface
2.2.2.2/28 ext interface

and I want to allow company x with an address of 3.3.3.3 to access one of our servers 192.168.0.1 with a password of letmein how would I do this?

Using Cisco IOS C831

If I've missed any important info, please let me know

Mike

"A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant."
 
You have to have the client access the ROOT IP of your company, and your router must be configured to allow PPTP passthrough (should already since the VPN is existing), and the router should forward port 1723 to 192.168.0.1 (if that is your server IP address when IPCHECK is run from the server's command prompt. This should also already be configured if you have an existing LAN).

Then, you have to set permissions.

Go into your incoming connections (depending on how this is set up, you will need to go to your RAS Control Panel. On my server, the incoming connection setup is accessible through Network and Dial-UP Internet Connections.) Add a new user and assign the permissions you want them to have. Also, add the user with permissions to any shared folders they should be allowed to access.

That's it!

Easy, huh?

 
Hhhhmm, clear as mud. I was hoping for commands or a good idiots howto

Mike

 
Okay...

If you want 3.3.3.3 to connect to your server, then 3.3.3.3 needs a username/password setup. When you click Dial-up and Network Connections, do you see a connection named "Incoming Connections"? If not, then the server has everything set up in the RAS section. For RAS, I'll write something more detailed when I get the chance. If you have a connection named "Incoming Connections", however, right-click it and select Properties. In Properties, you can define a new user and password.

At this point, it would be a good idea to test the new name.

Go to a client computer and create a VPN connection that attaches to your server's ROOT IP (not the router IP).

[To find the root IP, hop on the server computer and visit The number you find will be the HOST IP.]

You should be able to log in with the new user name and pass.

Your server is already configured for VPN, so if you know ANYTHING about computers, adding a user name should be cake.

Adding for shared folders works the same way. Right-click/Properties. It's easy...really.
 
This is a site-to-site connection, not a client-to-site. Sorry, should have said.

Mike

 
I'm not sure that all the parts that you need are here, but something like this should get you started. It needs to be done on both sides, changing the <remote peer> and ACL as needed.

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp key mysecretpassword address <remote peer>
!
crypto ipsec transform-set myTransform esp-3des esp-md5-hmac
!
crypto map myMap 1 ipsec-isakmp
 description Whatever
 set peer <remote peer>
 set transform-set myTransform
 match address aclVPN
!
! masks in an extended ACL are IOS wildcard (inverse) masks, e.g. 0.0.0.255 for a /24
ip access-list extended aclVPN
 ! on the remote side:
 permit ip <remote net> <remote_mask> host 192.168.0.1
 ! on the host side:
 permit ip host 192.168.0.1 <remote net> <remote_mask>
!
! the map does nothing until it is applied to the outside (Internet-facing) interface
interface <outside interface>
 crypto map myMap


The "remote peer" is the other side's public address, the outside address of their Internet router (3.3.3.3 and 2.2.2.2, apparently). "Remote Net" is the range of hosts on their side which need to access your host. If they happen to use the same 192.168.0.0 network that you use, it complicates things a little.

Also check if your IOS supports 3DES and substitute DES instead if not.
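The post above gives one side of the tunnel and says to mirror it on the other; the two details that usually go wrong are that the crypto ACLs must be exact source/destination mirrors of each other and that overlapping LANs on the two sides will not work without NAT. The script below is an added example, not from this thread or from Cisco: it renders both peers' config from one description (the thread's peers 2.2.2.2 and 3.3.3.3, the host 192.168.0.1 and the password letmein; the remote LAN 10.10.0.0/24 and interface names are constructed), converts prefixes to the wildcard masks IOS extended ACLs expect, and checks the mirror and overlap conditions before anything is pasted into a router.

```python
"""Added example: generate mirror-image site-to-site IPsec configs and
sanity-check the crypto ACLs. Peer addresses, host and password are the
thread's; the remote LAN 10.10.0.0/24 and interface names are constructed."""
import ipaddress


def acl_term(net):
    """Render a prefix as an IOS ACL address term: 'host X' or 'X <wildcard>'."""
    net = ipaddress.ip_network(net, strict=False)
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    # IOS extended ACLs take inverse (wildcard) masks; .hostmask is exactly that.
    return f"{net.network_address} {net.hostmask}"


def crypto_acl(local_nets, remote_nets):
    """'Interesting traffic' lines for one side: local source -> remote destination."""
    return [f"permit ip {acl_term(l)} {acl_term(r)}"
            for l in local_nets for r in remote_nets]


def mirror_line(line):
    """Swap source and destination of a 'permit ip SRC DST' line (two tokens per term)."""
    t = line.split()
    if len(t) != 6 or t[:2] != ["permit", "ip"]:
        raise ValueError(f"unexpected ACL line: {line!r}")
    return f"permit ip {t[4]} {t[5]} {t[2]} {t[3]}"


def is_mirror(local_lines, remote_lines):
    """True when the remote ACL is exactly the source/destination mirror of the local one."""
    return sorted(mirror_line(l) for l in local_lines) == sorted(remote_lines)


def overlapping(local_nets, remote_nets):
    """Local/remote prefix pairs that overlap; such pairs need NAT or renumbering first."""
    return [(l, r) for l in local_nets for r in remote_nets
            if ipaddress.ip_network(l, strict=False).overlaps(
                ipaddress.ip_network(r, strict=False))]


def peer_config(peer_ip, psk, outside_if, local_nets, remote_nets):
    """One side's config, following the thread's snippet plus the interface binding."""
    acl = "\n".join(f" {line}" for line in crypto_acl(local_nets, remote_nets))
    return f"""crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key {psk} address {peer_ip}
crypto ipsec transform-set myTransform esp-3des esp-md5-hmac
crypto map myMap 1 ipsec-isakmp
 set peer {peer_ip}
 set transform-set myTransform
 match address aclVPN
ip access-list extended aclVPN
{acl}
interface {outside_if}
 crypto map myMap
"""


if __name__ == "__main__":
    our_nets, their_nets = ["192.168.0.1/32"], ["10.10.0.0/24"]  # remote LAN constructed
    ours = crypto_acl(our_nets, their_nets)
    theirs = crypto_acl(their_nets, our_nets)
    print("ACLs mirror each other:", is_mirror(ours, theirs))
    print("overlapping prefixes:", overlapping(our_nets, their_nets))
    print("--- our router (2.2.2.2), peer is 3.3.3.3 ---")
    print(peer_config("3.3.3.3", "letmein", "Ethernet1", our_nets, their_nets))
    print("--- their router (3.3.3.3), peer is 2.2.2.2 ---")
    print(peer_config("2.2.2.2", "letmein", "Ethernet1", their_nets, our_nets))
```

Run it as-is to see both sides; swap their_nets for ["192.168.0.0/24"] to see the overlap check fire, which is the "same 192.168.0.0 network" complication the post mentions. The mirror check is deliberately strict (sorted, line-for-line) because IOS matches interesting traffic against the ACL exactly, and a tunnel whose two ACLs differ will negotiate but pass traffic in only one direction or not at all.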
 
Thanks just the ticket

Mike

 
What's the best way to test this? Can I create a connection from the router to the server, as it's an AS400 on our side and I don't have access?

Mike

 