R1# conf t
R1(config)# username aaron secret MyPassword

Now we need to enable the AAA new model to expose the new AAA commands:

R1(config)# aaa new-model

Set up PPP authentication to use the local database by default:

R1(config)# aaa authentication ppp default local

We must provide authorization for the client computer. In this case we'll grant it automatically if the user has successfully authenticated:

R1(config)# aaa authorization network default if-authenticated

Now we need to activate VPDN, which along with dial-up networking will activate remote access PPTP VPN connections:

R1(config)# vpdn enable

Enter the VPDN group configuration for group VPN_PPTP:

R1(config)# vpdn-group VPN_PPTP

Configure the VPDN group for dial-in connections, which is how we define our inbound PPTP VPN connections. Also specify PPTP as the protocol to be used and a virtual template with additional parameters for these connections:

R1(config-vpdn)# accept-dialin
R1(config-vpdn-acc-in)# protocol pptp
R1(config-vpdn-acc-in)# virtual-template 1

Type exit twice to get out of VPDN config.

Now we need to configure a virtual interface that VPN clients will use when connecting to the router:

R1(config)# interface Virtual-Template1

In my example the client will bind to VLAN 10, which is my internal LAN interface. Standard Ethernet/FastEthernet ports can also be used:

R1(config-if)# ip unnumbered Vlan 10

We’ll tell the PPTP VPN clients to use an IP address from a pool defined locally on the router:

R1(config-if)# peer default ip address pool PPTP-VPN-POOL

We need to set up encryption and authentication for the PPP tunnel. I'll tell it to require Microsoft 128-bit MPPE, which XP supports, and I'll use MS-CHAP-V2 for authentication:

R1(config-if)# ppp encrypt mppe 128 required
R1(config-if)# ppp authentication ms-chap-v2
R1(config-if)# exit

Now create the local pool of IP addresses for the VPN clients to use when connected to our internal network and save our configuration:

R1(config)# ip local pool PPTP-VPN-POOL 192.168.2.200 192.168.2.210
R1(config)# exit
R1# copy run start
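
To check a saved configuration against the settings chosen in the steps above, here is an added example (not part of the original walkthrough): a small Python audit of a running-config excerpt. The sample text, the function names and the finding strings are assumptions made for illustration, and the sample omits the `required` keyword on the MPPE line so that the audit reports something.

```python
import re

# Constructed "show running-config" excerpt (hash is a placeholder); the MPPE
# line deliberately omits the `required` keyword so the audit has a finding.
SAMPLE = """\
aaa new-model
username aaron secret 5 <hash-placeholder>
vpdn enable
interface Virtual-Template1
 ip unnumbered Vlan10
 peer default ip address pool PPTP-VPN-POOL
 ppp encrypt mppe 128
 ppp authentication ms-chap-v2
ip local pool PPTP-VPN-POOL 192.168.2.200 192.168.2.210
"""

def section(cfg, header):
    """Return the indented lines under a top-level `header` line."""
    out, inside = [], False
    for line in cfg.splitlines():
        if not line.startswith(" "):
            inside = line.strip().lower() == header.lower()
        elif inside:
            out.append(line.strip())
    return out

def audit(cfg):
    """Return findings for the PPTP dial-in settings; an empty list means clean."""
    top = [l.strip() for l in cfg.splitlines() if l and not l.startswith(" ")]
    vt = section(cfg, "interface Virtual-Template1")
    findings = []
    if "aaa new-model" not in top:
        findings.append("aaa new-model missing")
    if any(re.match(r"username \S+ password\b", l) for l in top):
        findings.append("username stored with 'password' instead of 'secret'")
    mppe = next((l.split() for l in vt if l.startswith("ppp encrypt mppe")), None)
    if mppe is None:
        findings.append("no MPPE encryption on Virtual-Template1")
    else:
        if "128" not in mppe:
            findings.append("MPPE key length is not fixed at 128")
        if "required" not in mppe:
            findings.append("MPPE not marked 'required'")
    if "ppp authentication ms-chap-v2" not in vt:
        findings.append("PPP authentication is not ms-chap-v2 only")
    pools = [l.split()[-1] for l in vt if l.startswith("peer default ip address pool")]
    defined = {l.split()[3] for l in top if l.startswith("ip local pool ")}
    return findings + [f"pool {p} referenced but not defined" for p in pools if p not in defined]

if __name__ == "__main__":
    print(audit(SAMPLE))
```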