I purchased 2 1710 routers to establish a VPN between 2 offices. After some painful learning time and some frustrating Cisco website searching, I got the point-to-point VPN working. But then I was thinking, since I have this VPN router, there must be a way to allow remote users to connect in addition to the permanent point-to-point VPN. Does anybody have any advice on setting up something that will accomplish this? Also, I am new to Cisco IOS, so I am attaching one of the configs for review. If anyone can point out some potential problems, I would appreciate it.
Current configuration : 1621 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
aaa new-model
!
!
aaa session-id common
enable
enable password enable
!
username user password 0 password
memory-size iomem 25
ip subnet-zero
!
!
ip domain-name domain.com
ip name-server 192.168.10.3
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
crypto isakmp key Encryptionkey address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac
!
crypto map static-map local-address Ethernet0
crypto map static-map 1 ipsec-isakmp
 set peer 77.77.77.77
 set transform-set vpn-test
 match address vpn-static1
!
!
!
!
interface Ethernet0
 ip address 60.60.60.2 255.255.255.0
 ip nat outside
 half-duplex
 crypto map static-map
!
interface FastEthernet0
 ip address 10.0.2.1 255.255.255.0
 ip nat inside
 speed auto
 half-duplex
!
ip nat inside source list 122 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 60.60.60.1
no ip http server
ip pim bidir-enable
!
!
ip access-list extended vpn-static1
 permit ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.0.255
!
access-list 8 permit 10.0.2.0 0.0.0.255
access-list 122 deny ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 122 permit ip 10.0.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
 password password
 transport input ssh
!
end
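A config review of the kind requested above can be partly automated. The following is an added example, not part of the original post: a small Python audit that flags credential and crypto settings in an IOS running-config. The rule list, the function name `audit` and the `SAMPLE` excerpt (lines taken from the posted config) are assumptions of this example, and the rules cover only the settings shown on this page.

```python
import re

# (pattern matched from the start of a stripped config line, finding)
# The rule set is this example's own and covers only settings seen in the post.
RULES = [
    (r"no service password-encryption$",
     "passwords in this config are stored without even type 7 obfuscation"),
    (r"enable password \S+",
     "enable password is cleartext or reversible; 'enable secret' stores a hash"),
    (r"username \S+ password 0 \S+",
     "local user password is stored in cleartext (type 0)"),
    (r"crypto isakmp key \S+ address 0\.0\.0\.0\b",
     "wildcard pre-shared key: any peer address may authenticate with it"),
    (r"encr 3des$|crypto ipsec transform-set .*\besp-3des\b",
     "3DES is a legacy 64-bit block cipher"),
    (r"snmp-server community (public|private)\b",
     "default SNMP community string"),
    (r"password \S+$",
     "line password is stored in cleartext"),
]

def audit(config_text):
    """Return (line_number, line, finding) for every line that matches a rule."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for pattern, finding in RULES:
            if re.match(pattern, line):
                findings.append((number, line, finding))
    return findings

# Excerpt of the configuration posted above, reduced to the relevant lines.
SAMPLE = """\
no service password-encryption
enable password enable
username user password 0 password
crypto isakmp policy 1
 encr 3des
crypto isakmp key Encryptionkey address 0.0.0.0 0.0.0.0
crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac
snmp-server community public RO
line vty 0 4
 password password
 transport input ssh
"""

if __name__ == "__main__":
    for number, line, finding in audit(SAMPLE):
        print(f"{number:>3}: {line}\n     -> {finding}")
```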