Cisco Systems, Inc.
All contents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved. Import
Page 1 of 8
CONFIGURATION GUIDE
CONFIGURING CISCO IOS EASY VPN REMOTE
WITH CLIENT MODE AND XAUTH
Figure 1
Network Diagram
INTRODUCTION
This document describes how to configure a router-to-router Easy VPN Solution based on
the Cisco IOS® Easy VPN Client and Cisco IOS Remote Access Server features. The sample
configuration uses Cisco 831 for the client and Cisco 1751 for the server. The Cisco Easy VPN
negotiates tunnel parameters and establishes IPsec tunnels. Xauth adds another level of
authentication that identifies the user who requests the IPsec connection.
PREREQUISITES
The router-to-router Easy VPN sample configuration is based on the following assumptions:
• The IP address at the Cisco Easy VPN Server is static.
• The IP address at the Cisco Easy VPN Client is dynamic.
• All traffic, including Internet traffic, from the Cisco Easy VPN Client is forwarded to the hub.
• Traffic from the remote hosts is forwarded after applying Network Address Translation/Port
Address Translation (NAT/PAT).
• User level authentication is used for authorizing VPN access.
COMPONENTS USED
The sample configuration uses the following releases of the software and hardware:
• Cisco 831 with Cisco IOS Software Release 12.3(2)XA
• Cisco 1751V with Cisco IOS Software Release 12.2(8)T
Figure 1 illustrates the network for the sample configuration.
30.30.30.0
20.20.20.0
10.10.10.0
C1751V
Easy VPN Server
IPsec Tunnel
Easy VPN
C800
Easy VPN Client
Xauth
ant Notices and Privacy Statement.
All content
The information presented in this document was created from devices in a specific lab environment. All of the devices
started with a cleared (default) configuration. In a live network, it is imperative to understand the potential impact
of any command before implementing it.
EASY VPN CONFIGURATIONS
The Cisco Easy VPN implements the Cisco Unity Client protocol, which simplifies configuring the