Cisco Systems OL-24124-01 manual 17-6, Aaa new-model


Chapter 17 Configuring Virtual Private Networks

Sample IOS configuration summary

aaa new-model
!
!
! Login (default and webvpn lists) and exec authorization use the local user database
aaa authentication login default local
aaa authentication login webvpn local
aaa authorization exec default local
!
aaa session-id common
!
clock timezone CST -6
clock summer-time CDT recurring
!
crypto pki token default removal timeout 0
!
! Define trustpoints
! Self-signed trustpoint; no revocation check is performed
crypto pki trustpoint iosrcdnvpn-cert
 enrollment selfsigned
 serial-number
 subject-name cn=iosrcdnvpn-cert
 revocation-check none
 rsakeypair iosrcdnvpn-key 1024
!
! CA trustpoints enrolled by terminal (cut-and-paste); the certificate
! subject common name is used as the authorization username
crypto pki trustpoint CiscoMfgCert
 enrollment terminal
 revocation-check none
 authorization username subjectname commonname
!
! This trustpoint checks revocation against a CRL
crypto pki trustpoint CiscoRootCA
 enrollment terminal
 revocation-check crl
 authorization username subjectname commonname
!
!
! Certificates
crypto pki certificate chain iosrcdnvpn-cert
 certificate self-signed 04
crypto pki certificate chain CiscoMfgCert
 certificate ca 6A6967B3000000000003
crypto pki certificate chain CiscoRootCA
 certificate ca 5FF87B282B54DC8D42A315B568C9ADFF
crypto pki certificate chain test
 certificate ca 00
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip domain name nw048b.cisco.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
!
license udi pid CISCO2821 sn FTX1344AH76
archive
 log config

 

Cisco Unified Communications Manager Security Guide

17-6

OL-24124-01
