Cisco Systems IOS Router manual Cisco IOS VPN Router, RADIUS configuration, VPN Policy

Models: IOS Router

Cisco IOS VPN Router

RADIUS configuration:

aaa new-model
aaa authentication login userauthen group radius local
aaa authorization network groupauthor local
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server timeout 120
radius-server key “your key”

VPN Policy:

crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2

crypto isakmp client configuration group vpngroup (“vpngroup” must match the group name set in the VPN client)
 key password (“password” must match the password set in the VPN client)
 pool vpnpool (“vpnpool” is the name of an IP pool created on the router)

crypto ipsec transform-set myset esp-3des esp-sha-hmac

crypto dynamic-map dymap 10
 set transform-set myset

crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dymap

Interface configuration:

Apply the crypto map to the appropriate interface.

interface Ethernet1/0
 description connected to EthernetLAN
 crypto map clientmap

The VPN Policy is an example only. You may need to change it to fit your needs. For example, the encr command could be set to encr aes 256.
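An added example, not part of the Cisco manual: a small Python check that reads an IOS configuration and reports the settings in the sample policy that the note above invites you to change (DES or 3DES in the IKE policy and transform set, Diffie-Hellman group 1 or 2). The function name, the finding text and the sample input are this example's own assumptions; the sample is the manual's policy laid out one command per line.

```python
import re

# Constructed sample: the manual's VPN policy, one IOS command per line.
SAMPLE_CONFIG = """\
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set myset esp-3des esp-sha-hmac
"""

# (parent scope, pattern, finding). An empty scope means a top-level command.
# The finding wording is this example's own, not Cisco's.
CHECKS = [
    ("crypto isakmp policy", re.compile(r"^encr(?:yption)? (des|3des)$"),
     "IKE policy encrypts with {0}; the manual suggests 'encr aes 256'"),
    ("crypto isakmp policy", re.compile(r"^group ([12])$"),
     "IKE policy uses Diffie-Hellman group {0} (1024 bits or less)"),
    ("", re.compile(r"^crypto ipsec transform-set \S+ .*\besp-(des|3des)\b"),
     "transform set uses esp-{0}; consider 'esp-aes 256'"),
]

def audit_ios_vpn_config(text):
    """Return (line_number, command, finding) for each weak crypto setting."""
    findings, parent = [], ""
    for number, raw in enumerate(text.splitlines(), start=1):
        command = " ".join(raw.split())  # normalise indentation and spacing
        if not command or command.startswith("!"):
            continue  # skip blank lines and IOS comment lines
        indented = raw[:1].isspace()
        if not indented:
            parent = command  # a top-level command opens a new context
        for scope, pattern, message in CHECKS:
            # Scoped checks apply only to sub-commands of the named parent.
            applies = (indented and parent.startswith(scope)) if scope else not indented
            match = pattern.search(command) if applies else None
            if match:
                findings.append((number, command, message.format(match.group(1))))
    return findings

if __name__ == "__main__":
    for number, command, finding in audit_ios_vpn_config(SAMPLE_CONFIG):
        print(f"line {number}: {command!r}: {finding}")
```

Run it against the output of show running-config saved to a file; it relies on IOS's own indentation to tell sub-commands from top-level commands.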
