Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel

Configure Group Policy Information

 

Command or Action

Purpose

Step 5

 

 

group {1 2 5}

Specifies the Diffie-Hellman group to be used in

 

 

an IKE policy.

 

Example:

 

 

Router(config-isakmp)# group 2

 

 

Router(config-isakmp)#

 

Step 6

 

 

lifetime seconds

Specifies the lifetime, 60–86400 seconds, for an

 

 

IKE security association (SA).

 

Example:

 

 

Router(config-isakmp)# lifetime 480

 

 

Router(config-isakmp)#

 

Step 7

 

 

exit

Exits IKE policy configuration mode, and enters

 

 

global configuration mode.

 

Example:

 

 

Router(config-isakmp)# exit

 

 

Router(config)#

 

 

 

 

Configure Group Policy Information

Perform these steps to configure the group policy, beginning in global configuration mode:

 

Command or Action

Purpose

Step 1

 

 

crypto isakmp client configuration group

Creates an IKE policy group containing attributes

 

{group-name default}

to be downloaded to the remote client.

 

 

Also enters the Internet Security Association Key

 

 

and Management Protocol (ISAKMP) group

 

Example:

policy configuration mode.

 

Router(config)# crypto isakmp client

 

 

configuration group rtr-remote

 

 

Router(config-isakmp-group)#

 

Step 2

 

 

key name

Specifies the IKE pre-shared key for the group

 

 

policy.

 

Example:

 

 

Router(config-isakmp-group)# key

 

 

secret-password

 

 

Router(config-isakmp-group)#

 

Step 3

 

 

dns primary-server

Specifies the primary Domain Name System

 

 

(DNS) server for the group.

 

Example:

Note You may also want to specify Windows

 

 

 

Router(config-isakmp-group)# dns 10.50.10.1

Internet Naming Service (WINS) servers

 

Router(config-isakmp-group)#

for the group by using the wins command.

 

 

 

 

 

Cisco Secure Router 520 Series Software Configuration Guide

6-4

OL-14210-01

 

 

Page 68
Image 68
Cisco Systems 520 series manual Configure Group Policy Information