
VPN connection with Cisco 831 and windows XP?

Status
Not open for further replies.

abaseballfan

Technical User
Feb 20, 2004
53
US
Hello, our company has a Cisco 831 router and we pull down drawings all the time over a VPN connection from our customer, but our engineers travel a lot here and I would like to have it where they could be in a motel room and connect into one computer here at the office to access the software they need to pull down drawings when they are out of town. I just don't know what programming lines I need to enter in the router. The IP address I can set onto one computer to be the same IP so that would be the one to access each time; I just don't know how to program the router for all this. Everything I did to this point was from asking questions on this site. Thank you.
 
Your 831 router can be set up to act as a VPN server. I have two routers in my network: a 2811 for mainstream VPN site-to-site connections and an 831 next to it set up as a VPN server. I could have probably combined all into the 2811 but I wanted the VPN router separate because sometimes VPN connections hang, or if I just want to kill remote access I just need to shut down the outside interface without killing everything. Anyway, below is a copy of the 831 config that could be used as a guide to help set it up as a VPN server. Also see the following link:


831#sh run
Building configuration...

Current configuration : 5814 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname 831
!
logging count
logging queue-limit 100
enable password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
username remoteuser password 7 XXXXXXXXXXXXXXX
clock timezone PST -8
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group remotevpnclient
 key 0 831vpnpass
 pool ippool
 acl 109
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface Ethernet0
 description "connected to the network"
 ip address 192.168.1.2 255.255.255.0
 arp timeout 120
 hold-queue 100 out
!
interface Ethernet1
 description "connected to the internet"
 ip address XXX.XXX.XXX.XXX 255.255.255.248
 duplex full
 arp timeout 120
 no cdp enable
 crypto map clientmap
!
ip local pool ippool 192.168.100.50 192.168.100.60
ip classless
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX
no ip http server
no ip http secure-server
!
access-list 12 permit 192.168.1.0 0.0.0.255
access-list 109 permit ip host 192.168.1.10 192.168.100.0 0.0.0.255
access-list 109 deny ip any any
banner login ^C Private Network ^C
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 access-class 12 in
 password 7 XXXXXXXXXXXX
!
scheduler max-task-time 5000
ntp clock-period
ntp server XXX.XXX.XXX.XXX
!
end

831#
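
An added example, not part of the original post: a small Python check that scans an excerpt of the configuration above for settings that are weak by current standards (type 7 passwords, 3DES and MD5, a small Diffie-Hellman group, a cleartext group key). The rule set, the section tracking and the function name `audit` are assumptions chosen for this illustration.

```python
import re

# Excerpt of the configuration posted above, with its placeholders as posted.
SAMPLE = """\
enable password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
username remoteuser password 7 XXXXXXXXXXXXXXX
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp client configuration group remotevpnclient
key 0 831vpnpass
pool ippool
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
"""

# (section, or None for anywhere; regex; finding) -- rules assumed for this example
RULES = [
    (None, r"^(enable|username \S+) password 7 ", "type 7 password is reversible; use 'secret'"),
    ("policy", r"^encr (des|3des)$", "legacy IKE cipher"),
    ("policy", r"^hash md5$", "MD5 used for IKE integrity"),
    ("policy", r"^group [125]$", "IKE Diffie-Hellman group of 1536 bits or less"),
    ("client-group", r"^key 0 ", "group pre-shared key stored in cleartext"),
    (None, r"^crypto ipsec transform-set .*\besp-(3?des|md5-hmac)\b", "legacy ESP transform"),
]

def audit(config):
    """Return (line_number, line, finding) for each weak setting found."""
    findings, section = [], None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()  # tolerate configs pasted with or without indentation
        if line.startswith("crypto isakmp policy"):
            section = "policy"
        elif line.startswith("crypto isakmp client configuration group"):
            section = "client-group"
        elif line == "!":
            section = None  # '!' closes the current block in 'show run' output
        for scope, pattern, finding in RULES:
            if scope in (None, section) and re.search(pattern, line):
                findings.append((n, line, finding))
    return findings

if __name__ == "__main__":
    for n, line, finding in audit(SAMPLE):
        print(f"line {n}: {line!r}: {finding}")
```

The section tracking matters because `group 2` and `key 0` only carry these meanings inside their respective `crypto isakmp` blocks; the same text elsewhere is not flagged.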
 
Thanks a lot! I will read over this and try it out, I just don't want to screw up anything I have in there already since I have no clue about the programming on there, but I will read that link you sent me too, thank you.
 
If you want to post your config less any passwords I could take a look and see what I could come up with. I have one of these at home I use to experiment with for different projects. Also post the output of show version.
 
Just remember to save the current config before making any changes. Worst case, if you make a change that kills everything, all you need to do at that point is power cycle the router and it will revert back to the saved config.
 
Hi, ummm I would love to have your help on this, is there any way I can e-mail you this config? I would feel much better about that instead of having it all posted on here. I have several items for the VPN connection we use right now to access our customer's site, and I am not sure what should be kept private on that, but I can e-mail you the current config if that's ok?

 
Are you already maintaining vpn site to site connections with that router?
 
Well, our main customer is SBC and we have a VPN connection right now to access a system on their end, which they helped me set up. I know nothing about it honestly, but we have nothing set up to access anything here on our end.
 
With a VPN already in place that will make it more difficult to configure on this hardware. What is your network...how many users...what type and speed of internet...how many remote users will access from outside?
 
Ohh okay, yeah maybe I should not even mess with this, it took me long enough to set up what I have right now, lol. It's a small network here, just 10 computers on it and it's all Windows XP operating systems, and we have a DSL connection here with a static IP. There would be about 3 users who would need access to it, but I would just have one computer here with the software on it they would need to access, but if it's a major thing I won't even worry about it. Thanks for your help.

 