30 Jun 2008
VPN router-to-router using Cisco 17xx / 18xx
How to set up a VPN router-to-router using Cisco 17xx / 18xx
Want to connect your Cisco router to a Cisco VPN server?
The following lines configure your router to act as a VPN client
and tunnel the traffic over that VPN.
Check the ***STARRED*** values and replace them with yours.
! Easy VPN client profile
crypto ipsec client ezvpn MyVpn
 connect auto
 group ***VPN_GROUP*** key ***VPN_GROUP_KEY***
 mode client
 peer ***VPN_SERVER_IP_ADDRESS***
 username ***VPN_USER_NAME*** password ***VPN_USER_PASSWORD***
 xauth userid mode local
!
! outside interface (towards the VPN server)
interface Ethernet0
 crypto ipsec client ezvpn MyVpn
!
! inside interface (LAN side)
interface FastEthernet0
 crypto ipsec client ezvpn MyVpn inside
REMEMBER: you may want to tunnel only some traffic on the VPN CLIENT SIDE and let all the other traffic pass outside the VPN. In that case you have to configure a SPLIT TUNNEL on the VPN SERVER SIDE: check this post.
Enable a Cisco VPN Split Tunnel
Need to enable a VPN split tunnel on a Cisco 17xx/18xx?
Need to separate subnet traffic from VPN tunneling?
1) define an ACL with the addresses to tunnel over the VPN
2) add this ACL to a group
The client will automatically reconfigure itself at the next connection.
No intervention needed on the client config!
crypto isakmp client configuration group ***MY_GROUP***
 key ***MY_GROUP_KEY***
 pool SDM_POOL_1
 save-password
 include-local-lan
 acl 150
!
access-list 150 permit ip any 192.168.10.0 0.0.0.255
How to create a Cisco VPN server
Here is an example showing the quickest way to enable a
VPN SERVER on a Cisco 17xx / 18xx / ... router.
Just check the ***STARRED*** values and replace them with yours.
This script uses a
LAN on 192.168.10.x and
VPN clients on 192.168.11.x
!
aaa new-model
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
username ***USER1*** privilege 0 password 0 ***PASSWORD***
username ***USER2*** privilege 0 password 0 ***PASSWORD***
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp xauth timeout 15
!
crypto isakmp client configuration group ***MY_GROUP***
 key ***MY_GROUP_KEY***
 pool SDM_POOL_1
 save-password
 include-local-lan
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
interface Ethernet0
 crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.11.1 192.168.11.100
ip classless
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 100
!
end
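A small audit of the settings used in the server config above, added here as an example and not part of the original post: it walks an IOS config (indented the way "show running-config" prints it) and flags cleartext "password 0" users, DES/3DES in the IKE policy and transform-set, DH groups 1/2/5 and "save-password". The sample config, finding names and advice strings are constructed for illustration.

```python
import re

# Constructed sample in the style of the server config above (placeholder secrets).
SAMPLE_CONFIG = """\
username user1 privilege 0 password 0 EXAMPLE-ONLY
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group EXAMPLE_GROUP
 key EXAMPLE-ONLY
 save-password
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
"""

# (finding id, parent-section regex or None for top-level commands, line regex, advice)
RULES = [
    ("plaintext-password", None, r"^username \S+ .*\bpassword 0 \S",
     "type 0 is stored in cleartext; use 'username ... secret'"),
    ("weak-ike-cipher", r"^crypto isakmp policy \d+", r"^encr(yption)? (des|3des)$",
     "DES/3DES are deprecated; use AES if the image supports it"),
    ("weak-dh-group", r"^crypto isakmp policy \d+", r"^group (1|2|5)$",
     "DH groups 1, 2 and 5 are deprecated; use group 14 or higher"),
    ("xauth-save-password", r"^crypto isakmp client configuration group ", r"^save-password$",
     "lets clients store the XAUTH password locally"),
    ("weak-esp-cipher", None, r"^crypto ipsec transform-set \S+ .*\besp-(des|3des)\b",
     "DES/3DES are deprecated; use an esp-aes transform"),
]

def audit(config_text):
    """Return (line_no, finding_id, line, advice) for each weak setting found."""
    findings, section = [], ""
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                      # skip blanks and '!' separators
        top_level = not raw[0].isspace()
        if top_level:
            section = line                # a top-level command opens a new section
        for fid, parent, pattern, advice in RULES:
            # sub-commands only count inside the section they belong to
            in_scope = top_level if parent is None else (
                not top_level and re.search(parent, section))
            if in_scope and re.search(pattern, line):
                findings.append((no, fid, line, advice))
    return findings

if __name__ == "__main__":
    for no, fid, line, advice in audit(SAMPLE_CONFIG):
        print(f"line {no}: [{fid}] {line!r}: {advice}")
```

Scoping "group N" to the "crypto isakmp policy" section keeps the check from firing on the Easy VPN client line "group NAME key ...", which shares the keyword.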
Try the following T-SQL code to verify or alter the database, table or field collation:
check DATABASE collation:
select databasepropertyex(db_name(),'collation') as collation_name
alter DATABASE collation:
alter database MYDB collate Latin1_General_CI_AS
check TABLE collation:
select column_name, collation_name
  from INFORMATION_SCHEMA.COLUMNS
  where table_name = 'MYTABLE'
check COLUMN collation:
select column_name, collation_name
  from INFORMATION_SCHEMA.COLUMNS
  where table_name = 'MYTABLE'
  and column_name = 'MYCOLUMN'
alter COLUMN collation:
alter table MYTABLE
  alter column MYCOLUMN varchar(20)
  COLLATE Latin1_General_CI_AS
The following script checks and examines all DB COLUMNS:
(NOTE: this script won't modify anything. It will just create code lines for you)
declare @toCollation sysname
-- target collation: either set it explicitly ...
set @toCollation = 'Latin1_General_CI_AS'
-- ... or use the current database collation (this overrides the line above)
set @toCollation = convert(sysname, databasepropertyex(db_name(),'collation'))
print 'TO COLLATION --> ' + @toCollation
-- build one ALTER TABLE ... ALTER COLUMN statement per character column
-- whose collation differs from the target
SELECT 'ALTER TABLE '+c.TABLE_NAME+' ALTER COLUMN '
  + c.COLUMN_NAME + ' ' + c.DATA_TYPE +
  CASE WHEN c.CHARACTER_MAXIMUM_LENGTH = -1 then '(max)'
    WHEN c.DATA_TYPE in ('text','ntext') then ''
    WHEN c.CHARACTER_MAXIMUM_LENGTH IS NOT NULL
      THEN '('+(CONVERT(VARCHAR,c.CHARACTER_MAXIMUM_LENGTH)+')' )
    ELSE isnull(CONVERT(VARCHAR,c.CHARACTER_MAXIMUM_LENGTH),' ')
  END +' COLLATE ' + @toCollation+ ' ' +
  CASE c.IS_NULLABLE
    WHEN 'YES' THEN 'NULL'
    WHEN 'NO' THEN 'NOT NULL'
  END +' -- was '+c.COLLATION_NAME
FROM INFORMATION_SCHEMA.COLUMNS c INNER JOIN INFORMATION_SCHEMA.TABLES t
  ON c.TABLE_NAME = t.TABLE_NAME
  AND c.TABLE_SCHEMA = t.TABLE_SCHEMA
WHERE c.DATA_TYPE IN('varchar','char','nvarchar','nchar','text','ntext')
  AND t.TABLE_TYPE = 'BASE TABLE' AND c.COLLATION_NAME<>@toCollation
NOTE 1
Altering a database collation doesn't alter its tables too...
only new tables/fields will be affected, so you'll need to check and alter your current structure manually.
Use the above script.
NOTE 2
If you have views, stored procs, or applications already working with the current collation, BE VERY CAREFUL when altering any column COLLATION.
Altering collations may cause errors like COLLATION CONFLICT!
e.g.:
Cannot resolve the collation conflict between "Latin1_General_CI_AS" and "Latin1_General_CS_AS" in the equal to operation.
This may be a message coming from a view or a stored...
Suggestion: never (I mean NEVER) alter a collation on a column if not necessary!!