Cisco IOS Router EzVPN configuration
- First, set up a DHCP server on the router to assign an IP to the laptop. You can skip this part if you prefer to assign your IPs statically.
    ip dhcp pool LAPTOP
     import all
     host 10.3.201.2 255.255.255.248
     client-identifier 01f0.def1.836d.2d
     option 150 ip 10.1.0.192
     domain-name domain.local
     default-router 10.3.201.1
     dns-server 10.3.128.7 8.8.8.8 4.2.2.2
- Set the domain and the DNS server settings on your router. This may be useful if you are going to use DNS names to reach your VPN server.
    ip domain name domain.local
    ip name-server 8.8.8.8
    ip name-server 4.2.2.2
- Configure the Phase 1 parameters on the client end. This is where you specify the pre-shared key along with the NEM option, and the username and password used in the extended authentication.
    crypto isakmp key secret hostname CISCOASA
    crypto isakmp keepalive 10 periodic
    crypto ipsec client ezvpn EZVPN
     connect auto
     group EZVPN1 key secret
     mode network-extension
     peer X.X.X.X
     username EZVPN_USER password secret
     xauth userid mode local
- Define your inside and outside interfaces. Here I have used Fe4 as the outside interface and assigned the EZVPN profile to it. I used interface Vlan2 as my inside interface.
    interface FastEthernet4
     ip address dhcp
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
     crypto ipsec client ezvpn EZVPN
    interface Vlan2
     ip address 10.3.201.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     crypto ipsec client ezvpn EZVPN inside
- Lastly, for use with split tunnel, I’ve added this statement to ensure the users on the client side are able to reach the internet without going through the tunnel. You don’t need this line for the VPN to work.
    ip nat inside source list NAT_ACL interface FastEthernet4 overload
    ip access-list extended NAT_ACL
     ! The source must be the inside (Vlan2) subnet, 10.3.201.0/24
     permit ip 10.3.201.0 0.0.0.255 any
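A consistency check for a client config of this shape, as an added example that is not part of the original post: it lists the EzVPN profile lines that embed a key or saved password, and verifies that the NAT ACL actually covers every `ip nat inside` subnet. The sample config is constructed, and `sections` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample (not from a real device): the NAT ACL misses the inside subnet.
SAMPLE = """\
crypto ipsec client ezvpn EZVPN
 group EZVPN1 key secret
 username EZVPN_USER password secret
interface Vlan2
 ip address 10.3.201.1 255.255.255.0
 ip nat inside
ip nat inside source list NAT_ACL interface FastEthernet4 overload
ip access-list extended NAT_ACL
 permit ip 10.2.201.0 0.0.0.255 any
"""

def sections(config):
    """Map each top-level IOS line to its indented child lines."""
    tree, head = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and head is not None:
            tree[head].append(line.strip())
        elif line.strip():
            head = line.strip()
            tree.setdefault(head, [])
    return tree

def audit(config):
    """Return (kind, detail) findings for an EzVPN client config."""
    tree, findings, inside = sections(config), [], []
    for head, body in tree.items():
        if head.startswith("crypto ipsec client ezvpn "):
            # Profile lines that carry the group key or the saved XAUTH password.
            findings += [("stored-credential", l.split()[0]) for l in body
                         if re.search(r" (key|password) \S", l)]
        if head.startswith("interface ") and "ip nat inside" in body:
            for l in body:
                if (m := re.fullmatch(r"ip address (\S+) (\S+)", l)):
                    inside.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
    for name in re.findall(r"^ip nat inside source list (\S+) ", config, re.M):
        # Only the "permit ip <net> <wildcard> any" entry form is handled here.
        permits = [ipaddress.ip_network(f"{p[1]}/{p[2]}")
                   for l in tree.get(f"ip access-list extended {name}", [])
                   if (p := re.fullmatch(r"permit ip (\S+) (\S+) any", l))]
        for net in inside:
            if not any(net.subnet_of(acl) for acl in permits):
                findings.append(("nat-acl-miss", f"{net} not in {name}"))
    return findings

print(audit(SAMPLE))
```

A `nat-acl-miss` finding means inside hosts will not be translated on the outside interface, so split-tunnel internet traffic from that subnet fails.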