I have a Cisco 1841 configured for VPN connections of two types:
- Site-to-site for partners' routers (IPSec) — using different
crypto isakmp key
andcrypto map
withset peer
,set transform-set
,match address
for every peer (same map name, different sequence numbers). That crypto map name is added to the WAN interface. - Client access (PPTP) — using
vpdn-group
withaccept-dialin protocol pptp
.
Now, a new partner wants to connect using vpnc client. The latter needs IPSec ID
(group name) and IPSec secret
in addition to username and password. I guess that IPSec secret is pre-shared key that can be specified in crypto isakmp key
on Cisco. But I could not find any VPN tutorials involving groups. Hence, my questions:
- How to add IPSec ID (group name) and IPSec secret on Cisco router for vpnc connections? Should I add a new crypto map matching all addresses as well?
- Is it possible to add this configuration without breaking the existing setup?
Thank you.
It's no different from setting it up for the Cisco VPN Client. Cisco has a great deal of information on their Web site for setting it up. This page is the best example I could find. The part relevant to you is the 2611 configuration. If that doesn't help, their general VPN configuration examples can be found here. Basically, you'll add a dynamic entry to your existing crypto map, and you'll add some additional lines to set up the VPN group. It shouldn't break your existing setup.
Note that they appear to have changed things around on their site again, so you might need to register for guest access (which is free) to view these links.