BCRAN - Lab Essentials

PPP and PAP configuration

LabI#conf t
LabI(config)#int s0/0
LabI(config-if)#encapsulation ppp
LabI(config-if)#ppp authentication pap
LabI(config)#username user1 password user1
LabI(config)#username user2 password user2
LabI(config)#username LabJ password cisco
LabI(config)#int s0/0
LabI(config-if)#ppp pap sent-username LabI password 1234


VPN configuration:

LabI#conf t
LabI(config)#crypto isakmp enable
LabI(config)#crypto isakmp policy 10000 --> 10000 is the highest policy number, which is the lowest priority (1 is the highest priority); this is fine if there is only one policy around.
LabI(config-isakmp)#authentication pre-share
LabI(config-isakmp)#encryption des
LabI(config-isakmp)#group 1
LabI(config-isakmp)#hash sha
LabI(config-isakmp)#lifetime 36000
LabI(config-isakmp)#exit
LabI(config)#crypto isakmp identity address --> prefer to use address
LabI(config)#crypto isakmp key cisco1234 address 1.0.0.2

How to transform our data?
LabI(config)#crypto ipsec transform-set LabI esp-des --> Encrypt your information
LabI(config)#crypto ipsec security-association lifetime seconds 36000

---create an access-list-----
LabI(config)#access-list 100 permit ip 4.0.0.0 0.0.0.255 3.0.0.0 0.0.0.255

--crypto map---
LabI(config)#crypto map LabI 1 ipsec-isakmp
LabI(config-crypto-map)#match address 100
LabI(config-crypto-map)#set peer 1.0.0.2
LabI(config-crypto-map)#set pfs group 1
LabI(config-crypto-map)#set transform-set LabI
LabI(config-crypto-map)#set security-association lifetime seconds 36000
LabI(config-crypto-map)#exit
LabI(config)#int s 0/0
LabI(config-if)#crypto map LabI
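
The PPP and VPN commands above use lab-grade settings (PAP, single DES, DH group 1, an ESP transform with no HMAC). The following audit script is an added example, not part of the original notes; its rule list and the HARDENED sample are assumptions constructed for illustration, and it flags those settings in a pasted IOS session.

```python
import re

# Rules are assumptions chosen for this example: (regex on the bare command, finding).
RULES = [
    (r"^ppp authentication pap\b", "PAP sends the password in cleartext; prefer CHAP"),
    (r"^encryption des\b", "ISAKMP policy uses single DES (56-bit key)"),
    (r"^group 1\b", "ISAKMP policy uses DH group 1 (768-bit)"),
    (r"^set pfs group ?1\b", "PFS uses DH group 1 (768-bit)"),
]
ESP_AUTH = re.compile(r"\b(esp|ah)-\S+-hmac\b")      # any integrity transform
PROMPT = re.compile(r"^\S+?(\([\w-]+\))?#\s*")       # e.g. 'LabI(config-if)#'

def strip_line(raw):
    """Drop the router prompt and any '-->' annotation used in these notes."""
    return PROMPT.sub("", raw.strip()).split("-->")[0].strip()

def audit(config_text):
    """Return (line number, finding) pairs for weak settings."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        cmd = strip_line(raw)
        for pattern, message in RULES:
            if re.search(pattern, cmd):
                findings.append((n, message))
        if cmd.startswith("crypto ipsec transform-set") and not ESP_AUTH.search(cmd):
            findings.append((n, "transform set has no integrity (HMAC) transform"))
    return findings

# Sample input: commands copied from the lab session above.
SAMPLE = """\
LabI(config-if)#ppp authentication pap
LabI(config)#crypto isakmp policy 10000
LabI(config-isakmp)#encryption des
LabI(config-isakmp)#group 1
LabI(config-isakmp)#hash sha
LabI(config)#crypto ipsec transform-set LabI esp-des --> Encrypt your information
LabI(config-crypto-map)#set pfs group 1
"""

# Constructed comparison input with stronger settings (not from the original notes).
HARDENED = """\
LabI(config-if)#ppp authentication chap
LabI(config-isakmp)#encryption aes 256
LabI(config-isakmp)#group 14
LabI(config)#crypto ipsec transform-set LabI esp-aes 256 esp-sha-hmac
LabI(config-crypto-map)#set pfs group14
"""

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print(f"line {line_no}: {finding}")
```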

------AAA authentication------
LabI(config)#aaa authentication login Secure_Login local
LabI(config)#line vty 0 15
LabI(config-line)#login authentication Secure_Login

Debug Tips:
- Make sure the networks are advertised correctly for the routing protocol you set.
- Before implementing the VPN, make sure you can ping from interface to interface freely.
- Make sure your crypto map doesn't interfere with the routing.
- If you do not know why RIP is not working, just use a static route.
- To make sure your VPN is working:
+ debug crypto isakmp
+ debug crypto ipsec
+ debug crypto sessmgmt
+ Do an extended ping

More Tips ?
