PatCup.Com – My Knowledge Store

Configuring a client-to-site VPN through PPTP on a Cisco router

Posted on April 30, 2012 | May 25, 2012 by Pat

When setting up a new Cisco router, the VPN server functionality is a really handy feature to turn on – but it’s one of those things that you only need once in a while. There are millions of different things that you can tweak – authentication, IP allocation, etc. – but I’ll run through how to configure it for use in a small office environment.

First off, you’ll want to make sure that your router has VPN server functionality. This is determined by your IOS image. Check your feature set in the Cisco Feature Navigator:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Once you’ve done that – on to the configuration. I’ll point out anything that’s worth noting.

Enter configuration mode, set up some basic AAA and enable VPDN:

phbrouter#conf t
phbrouter(config)#aaa new-model
phbrouter(config)#aaa authentication ppp default local
phbrouter(config)#aaa authorization network default if-authenticated
phbrouter(config)#vpdn enable
phbrouter(config)#

As mentioned, this is a fairly basic config. You’ll notice that we’re authenticating against the local user list (which we’ll define later). If you wanted to, you could use RADIUS instead (which is outside the scope of this article; maybe I’ll cover it some other time!). Next we need to set up a VPDN group, tell it that we accept dial-in connections, and define which protocol it should use and which virtual interface template to use for incoming connections (we’ll create the template in the next step):

phbrouter(config)#vpdn-group 1
phbrouter(config-vpdn)#accept-dialin
phbrouter(config-vpdn-acc-in)#protocol pptp
phbrouter(config-vpdn-acc-in)#virtual-template 1
phbrouter(config-vpdn-acc-in)#exit
phbrouter(config-vpdn)#exit
phbrouter(config)#

Great! Halfway there. The next stage is to create a virtual interface that will be brought up when a user connects. This includes the address allocation and which authentication methods we want to accept. MS-CHAP and MS-CHAP v2 are good enough for our purposes:

phbrouter(config)#int Virtual-Template1
phbrouter(config-if)#desc VPN Virtual Interface
phbrouter(config-if)#ip unnumbered FastEthernet0/0
phbrouter(config-if)#peer default ip address pool vpnpool
phbrouter(config-if)#ppp encrypt mppe auto
phbrouter(config-if)#ppp authentication ms-chap ms-chap-v2
phbrouter(config-if)#exit
phbrouter(config)#

You’ll notice that it’ll try to grab an address from a pool (rather creatively) named vpnpool. We’ll define this now – but be sure to change this to a free address range on your network (one that is also big enough to accommodate your number of users):

phbrouter(config)#ip local pool vpnpool 192.168.1.150 192.168.1.160
phbrouter(config)#

The final stage is to define some users. Seeing as we’re going to be using the local userlist, it’s a really good idea to set these users to privilege level 0 (for obvious reasons):

phbrouter(config)#username joebloggs privilege 0 password joebloggsrules
phbrouter(config)#username jackbloggs privilege 0 password brownbear

And you’re finished! You can use the Cisco VPN Client to connect from remote locations, but I find the built-in Windows ‘Connection Wizard’ is a lot lighter (!) and is more than sufficient.
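As an added example (not from the original post), the following Python script audits the configuration built above for the settings this walkthrough leaves permissive: optional or 40-bit MPPE, MS-CHAP v1 being accepted, an undefined pool or virtual template, and VPN users above privilege level 0. The finding names and the sample running-config text are constructed for illustration.

```python
import re

# Constructed sample: the configuration built in this walkthrough, as running-config.
SAMPLE_CONFIG = """\
vpdn enable
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
interface Virtual-Template1
 peer default ip address pool vpnpool
 ppp encrypt mppe auto
 ppp authentication ms-chap ms-chap-v2
ip local pool vpnpool 192.168.1.150 192.168.1.160
username joebloggs privilege 0 password joebloggsrules
username jackbloggs privilege 0 password brownbear
"""

def audit_pptp_config(config):
    """Return sorted finding IDs (hypothetical names) for a PPTP dial-in config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    pools = {ln.split()[3] for ln in lines if ln.startswith("ip local pool ")}
    templates = {m.group(1) for ln in lines
                 if (m := re.match(r"interface Virtual-Template(\d+)$", ln))}
    findings = set()
    for ln in lines:
        words = ln.split()
        if ln.startswith("ppp encrypt mppe"):
            if "required" not in words:   # session stays up if MPPE is not negotiated
                findings.add("mppe-not-required")
            if "128" not in words:        # "auto" and "40" permit 40-bit keys
                findings.add("mppe-40bit-allowed")
        elif ln.startswith("ppp authentication"):
            if {"pap", "ms-chap"} & set(words):   # PAP or MS-CHAP v1 is accepted
                findings.add("weak-auth-accepted")
        elif ln.startswith("peer default ip address pool"):
            if words[-1] not in pools:
                findings.add("pool-undefined:" + words[-1])
        elif ln.startswith("virtual-template"):
            if words[1] not in templates:
                findings.add("template-undefined:" + words[1])
        elif words[0] == "username":
            # The post recommends privilege level 0 for local VPN users.
            if words[2:4] != ["privilege", "0"]:
                findings.add("cli-privilege:" + words[1])
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_pptp_config(SAMPLE_CONFIG)))
```

On the configuration from this post it reports `mppe-40bit-allowed`, `mppe-not-required` and `weak-auth-accepted`; using `ppp encrypt mppe 128 required` and `ppp authentication ms-chap-v2` on the virtual template clears all three.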

 

** Links

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml
