The document summarizes the configuration of a VPN server including setting up IKE policies, crypto maps, IP pools, and network address translation to allow VPN clients to connect securely and access internal network resources behind the server. Key steps include configuring AAA authentication and authorization, IKE and IPsec transforms, dynamic crypto maps to connect clients in the ippool range, and NAT to translate private addresses to public addresses for internet access.

1. ---------------------------------------Cấu hình trên VPN server---------------------
Aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
username sena password 0 cisco
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 2
exit
crypto isakmp client configuration group vpnclient
key cisco123
pool ippool
acl 1

2. exit
crypto ipsec transform-set myset esp-3des esp-md5-hmac
ex
crypto dynamic-map dynmap 10
set transform−set myset
reverse−route
ex
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec−isakmp dynamic dynmap
ip local pool ippool 200.0.0.10 200.0.0.20
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface s0/0/0 overload
int f0/0
ip nat inside
half−duplex
int s0/0/0
ip nat outside
crypto map clientmap

3. bên R2 cũng cấu hình NAT
acc 1 permit 192.168.20.0 0.0.0.255
ip nat inside sou list 1 int s1/0 over
int f2/0
ip nat inside
int s1/0
ip nat outside
PC 2:
Sauk hi cài cisco VPN client xong bạn vào network enable và đặt ip là
192.168.20.3/24

4. Vào VPN client chọn New

6. Bấm save và connect -> Đánh user với pass:

7. Sau đó vào status -> statictis…