Author Topic: VPN setup with Cisco router and Windows 2000 or XP clients  (Read 4345 times)

ATC

  • Guest
VPN setup with Cisco router and Windows 2000 or XP clients
« on: 27 September 2008, 18:24 pm »
Windows 95, 98 and NT all required separate third-party software to provide Virtual Private Network (VPN) connections. Windows 2000 and newer cannot run these products, instead relying on their own proprietary solutions. Which, unfortunately, are near impossible to set up. Here's how we did it.



    ATC

    • Guest
    [Solved] VPN setup with Cisco router and Windows 2000 or XP clients
    « Reply #1 on: 27 September 2008, 18:24 pm »
    On the router, you need an IOS which supports Virtual Private Dialup Networking (VPDN).


    ROUTER CONFIGURATION

    ! Substitute with actual username(s) and password(s):
    username [username] password 0 [password]

    vpdn enable
    no vpdn logging
    ! These IP addresses will be dynamically assigned to clients:
    ip local pool RTP-POOL 192.168.101.1 192.168.101.254

    vpdn-group 1
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    local name cisco_pns

    !
    interface Virtual-Template1
    ! Clients will connect to the following physical interface:
    ip unnumbered Ethernet0
    ip mroute-cache
    no keepalive
    peer default ip address pool RTP-POOL
    ppp encrypt mppe 40
    ppp authentication ms-chap


    CLIENT CONFIGURATION

    This walkthrough describes Windows 2000. The XP setup is probably different since MS likes to play games with us, but you should be able to figure it out.

    - Right-click on "My network connections" and click Properties
    - Double-click on "New connection"
    - Click Next, select "Connect to private network via Internet"
    - If you want the VPN connection to automatically dial up an ISP for you, select this. Otherwise, select the first option.
    - Enter the IP address of your Cisco router (use the IP address of the interface you specified, e.g. ip unnumbered Ethernet0)
    - Select All users
    - Type a descriptive name for the VPN connection, e.g. the company name
    - Now click "Finish" and a password prompt will appear
    - Type the username and password you specified on the router
    - Check the Save password checkbox and click Connect

    Et voilà!
    You should now be able to access resources on that network as if you were locally connected.

    If it doesn't work, check the following on the router:

    - Verify that the GRE protocol is permitted, and that clients can reach TCP/1723 on the router interface. Hint: The client may be sitting behind a firewall too.
    - If you are running NAT on the router, add "ip nat inside" to the Virtual-Template 1 interface.


    Unfortunately, troubleshooting on the client side is near impossible; the only error message I've been able to get is "619: The port was disconnected", and a "More details" button that recommends that you "reboot in case the changes have not been loaded correctly." *sigh*
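
Added example, not part of the original post: a small Python check that flags the weakest settings in the router configuration above (clear-text type 0 password, VPDN logging disabled, 40-bit MPPE that is not required, MS-CHAP version 1). The sample config is constructed from the post's lines; the username, password and rule names are placeholders chosen for this example.

```python
import re

# Constructed sample reproducing the settings in the post's router
# configuration; the username and password are placeholders.
SAMPLE_CONFIG = """\
username alice password 0 ExamplePass
vpdn enable
no vpdn logging
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
interface Virtual-Template1
 ip unnumbered Ethernet0
 peer default ip address pool RTP-POOL
 ppp encrypt mppe 40
 ppp authentication ms-chap
"""

# (rule id, regex applied to each stripped line, finding text)
RULES = [
    ("cleartext-password", r"^username \S+ password 0 ",
     "type 0 password is readable by anyone who can view the config"),
    ("vpdn-logging-off", r"^no vpdn logging\b",
     "VPDN events are not logged, so tunnel failures leave no record"),
    ("mppe-40", r"^ppp encrypt mppe 40\b",
     "40-bit MPPE key; 'mppe 128' selects the 128-bit key"),
    ("mppe-not-required", r"^ppp encrypt mppe (?!.*\brequired\b)",
     "without 'required' a session can come up unencrypted"),
    ("ms-chap-v1", r"^ppp authentication .*\bms-chap\b(?!-v2)",
     "MS-CHAP version 1 is accepted; 'ms-chap-v2' is the newer protocol"),
]

def audit(config_text):
    """Return (line_number, rule_id, finding) for every weak setting found."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and IOS comments
            continue
        for rule_id, pattern, text in RULES:
            if re.search(pattern, line):
                findings.append((number, rule_id, text))
    return findings

if __name__ == "__main__":
    for number, rule_id, text in audit(SAMPLE_CONFIG):
        print(f"line {number}: [{rule_id}] {text}")
```

The clear-text password rule reports the exposure only: PPP challenge-response authentication needs a recoverable password on the router, so the practical control is restricting who can read the configuration.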