Wednesday, May 23, 2012

Cisco PPTP VPN server

On the Cisco IOS router

First, you must make some changes on your router, starting with enabling VPDN (virtual private dial-up networking). This is used for VPN client connectivity, as opposed to site-to-site, always-up VPN connectivity. To do so, use this command:
Router(config)# vpdn enable
Create a VPDN group configured for PPTP, which is what the Microsoft VPN client uses by default:
Router(config)# vpdn-group TEST-VPN
Router(config-vpdn)# accept-dialin
Router(config-vpdn)# protocol pptp
Router(config-vpdn)# virtual-template 1
Router(config-vpdn)# exit
Here, we will configure our interfaces to match the diagram. Naturally, your IP address configuration will vary:
Router(config)# interface ethernet0/0
Router(config-if)# ip address 10.253.15.19 255.255.0.0
Router(config-if)# no shutdown
Router(config)# interface ethernet0/1
Router(config-if)# ip address 10.123.123.123 255.255.255.0
Router(config-if)# no shutdown
Next, create your virtual-template that will apply to the inbound VPN connections. This template references the e0/1 interface for its IP address. It also references a pool of IP addresses that will be handed out to VPN clients. Finally, it configures the PPP encryption and authentication mechanisms to match what the Microsoft VPN client defaults to:
Router(config)# interface Virtual-Template1
Router(config-if)# ip unnumbered Ethernet0/1
Router(config-if)# peer default ip address pool defaultpool
Router(config-if)# ppp encrypt mppe auto required
Router(config-if)# ppp authentication ms-chap ms-chap-v2
Now, create the pool of IP addresses. This pool should not already be in use on the internal network you are connecting to:
Router(config)# ip local pool defaultpool 10.123.123.1 10.123.123.10
After that, create a test user:
Router(config)# username test password 0 test
Finally, configure authentication for PPP to use the local database. If you had a RADIUS server, this is where you would point to the RADIUS server instead of the local database:
Router(config)# aaa new-model
Router(config)# aaa authentication ppp default local
The complete configuration looks like this:
username test password 0 test
aaa new-model
!
!
aaa authentication ppp default local
!
vpdn enable
!
vpdn-group TEST-VPN
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface Ethernet0/0
 ip address 10.253.15.19 255.255.0.0
 no shutdown
interface Ethernet0/1
 ip address 10.123.123.123 255.255.255.0
 no shutdown
!
interface Virtual-Template1
 ip unnumbered Ethernet0/1
 peer default ip address pool defaultpool
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
ip local pool defaultpool 10.123.123.1 10.123.123.10

*********************************


vpdn enable
!
vpdn-group PPTP-Group
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
async-bootp gateway 10.123.3.1
async-bootp dns-server 206.13.28.12
   
interface Virtual-Template1
 ip address 10.123.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 peer default ip address pool PPTP
 ppp encrypt mppe 128 required
 ppp authentication ms-chap-v2
   
ip local pool PPTP 10.123.3.100 10.123.3.200
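
An added example, not part of the original post: a Python check that compares a configuration's PPTP dial-in settings against the stricter choices the second configuration above makes (128-bit-only MPPE, MS-CHAP v2 as the only PPP authentication method) and also flags users stored with password type 0. The `audit` function and its finding names are this example's own, and the two inputs are constructed from lines of the configurations above.

```python
import re

# Constructed inputs: the user and Virtual-Template lines of this page's two configurations.
FIRST = """username test password 0 test
interface Virtual-Template1
 ip unnumbered Ethernet0/1
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
"""
SECOND = """interface Virtual-Template1
 ip address 10.123.3.1 255.255.255.0
 ppp encrypt mppe 128 required
 ppp authentication ms-chap-v2
"""

def audit(config):
    """Return sorted findings for the PPTP dial-in settings in an IOS config."""
    findings, iface, templates = set(), None, {}
    for line in (l.strip() for l in config.splitlines()):
        words = line.lower().split()
        if not words or words[0].startswith("!"):
            continue                           # blank line or IOS comment
        m = re.match(r"username (\S+) password (?:(\d) )?(.+)$", line, re.I)
        if m:
            user, ptype, secret = m.groups()
            if ptype in (None, "0"):           # type 0: stored unencrypted
                findings.add(f"cleartext-password:{user}")
                if secret == user:
                    findings.add(f"password-equals-username:{user}")
        elif words[0] == "interface":
            iface = words[1] if len(words) > 1 else None
            if iface and iface.startswith("virtual-template"):
                templates[iface] = False       # no "ppp encrypt mppe" seen yet
        elif iface in templates and words[:3] == ["ppp", "encrypt", "mppe"]:
            templates[iface] = True
            if words[3:4] != ["128"]:          # "auto" and "40" permit 40-bit keys
                findings.add(f"mppe-not-128-only:{iface}")
            if "required" not in words[4:]:    # without it, unencrypted PPP is accepted
                findings.add(f"mppe-not-required:{iface}")
        elif iface in templates and words[:2] == ["ppp", "authentication"]:
            for method in words[2:]:
                if method in ("pap", "chap", "ms-chap"):
                    findings.add(f"auth-{method}-allowed:{iface}")
    findings.update(f"no-mppe:{t}" for t, seen in templates.items() if not seen)
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND)):
        print(name, audit(cfg) or "no findings")
```

The parser keys on the most recent `interface` line rather than on indentation, so it also works on configurations pasted with their leading spaces stripped.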
  
