IPSec Remote Access User
Figure 28 User Group Remote Access Configuration
To create the user group configuration enter:
Blackbox>configure term
Blackbox/configure>interface bundle wan
Blackbox/configure/interface/bundle wan>link t1 1-2
Blackbox/configure/interface/bundle wan>ip address 172.16.0.1 32¹
Blackbox/configure/interface/bundle wan>crypto internet
To configure the IKE policy for negotiating with the remote VPN client needing access (note that the IKE and IPSec policies for the management (self) tunnel need to be defined in the “Self” map):
Blackbox/configure>crypto Self
Blackbox/configure/crypto>dynamic
Blackbox/configure/crypto/dynamic>ike policy admin user-group
Blackbox/configure/crypto/dynamic/ike/policy admin>local-address 172.16.0.1
Blackbox/configure/crypto/dynamic/ike/policy admin>remote-id email-id sampledata Black Boxuser
Blackbox/configure/crypto/dynamic/ike/policy admin>key pskforadminuser
Blackbox/configure/crypto/dynamic/ike/policy admin>proposal 1
Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>encryption-algorithm 3des-cbc
Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>client authentication radius
To configure the IPSec policy for negotiating with the VPN client needing access to the security gateway:
Blackbox/configure/crypto/dynamic>ipsec policy admin user-group
Blackbox/configure/crypto/dynamic/ipsec/policy admin>match address 172.16.0.1 32
Blackbox/configure/crypto/dynamic/ipsec/policy admin>proposal 1
Blackbox/configure/crypto/dynamic/ipsec/policy admin/proposal 1>encryption-algorithm aes128-cbc
1. error message saying Bundle is not yet encapped.
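A way to review a session like the one above before it is deployed or shared, as an added example that is not part of the original manual: this Python script parses the prompt/command lines, attributes each setting to its IKE or IPSec policy, and reports the findings. The names parse_session and audit are hypothetical, the input is the page's commands with wrapped lines rejoined, and treating 3des-cbc as a legacy cipher is this example's assumption.

```python
import re

# Constructed input: the policy commands from this page, wrapped lines rejoined.
SESSION = """\
Blackbox/configure/crypto/dynamic>ike policy admin user-group
Blackbox/configure/crypto/dynamic/ike/policy admin>key pskforadminuser
Blackbox/configure/crypto/dynamic/ike/policy admin>proposal 1
Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>encryption-algorithm 3des-cbc
Blackbox/configure/crypto/dynamic/ike/policy admin/proposal 1>client authentication radius
Blackbox/configure/crypto/dynamic>ipsec policy admin user-group
Blackbox/configure/crypto/dynamic/ipsec/policy admin>proposal 1
Blackbox/configure/crypto/dynamic/ipsec/policy admin/proposal 1>encryption-algorithm aes128-cbc
"""

# Prompt suffix that names the policy (and proposal) a command applies to.
CTX = re.compile(r"/(ike|ipsec)/policy (\S+?)(?:/proposal (\d+))?$")
# Assumption of this example: 3des-cbc counts as legacy (64-bit block cipher).
LEGACY_CIPHERS = {"3des-cbc"}

def parse_session(text):
    """Return (kind, policy, proposal, command, argument) per policy-level line."""
    rows = []
    for line in text.splitlines():
        prompt, sep, command = line.partition(">")
        ctx, words = CTX.search(prompt), command.split()
        if sep and ctx and words:
            rows.append((*ctx.groups(), " ".join(words[:-1]), words[-1]))
    return rows

def audit(text):
    """Flag legacy ciphers, cleartext keys, and IKE weaker than IPSec."""
    findings, legacy = [], {}
    for kind, policy, proposal, cmd, arg in parse_session(text):
        where = f"{kind} policy {policy}"
        if cmd == "encryption-algorithm":
            is_legacy = arg in LEGACY_CIPHERS
            legacy.setdefault(policy, {})[kind] = is_legacy
            if is_legacy:
                findings.append(f"{where} proposal {proposal}: legacy cipher {arg}")
        elif cmd == "key":
            findings.append(f"{where}: pre-shared key in cleartext, redact before sharing")
    for policy, kinds in legacy.items():
        if kinds.get("ike") and kinds.get("ipsec") is False:
            findings.append(f"policy {policy}: IKE proposal uses a weaker cipher than the IPSec proposal")
    return findings

if __name__ == "__main__":
    for finding in audit(SESSION):
        print(finding)
```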
[Figure 28 diagram: Tasman #1 (VPN Server, 172.16.0.1) connected by an IPSec tunnel to VPN Client 2 (Local Outer Address: Dynamic; Local ID: admin@tasmannetworks.com)]