Cisco Systems 520 series guide

Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel

Apply Mode Configuration to the Crypto Map

	Command or Action		Purpose
Step 4
Step 4	domain name		Specifies group domain membership.
	Example:
	Router(config-isakmp-group)# domain
	company.com
	Router(config-isakmp-group)#
Step 5
Step 5	exit		Exits IKE group policy configuration mode, and
			enters global configuration mode.
	Example:
	Router(config-isakmp-group)# exit
	Router(config)#
Step 6
Step 6	ip local pool {default poolname}		Specifies a local address pool for the group.
	[low-ip-address [high-ip-address]]		For details about this command and additional
			For details about this command and additional
	Example:		parameters that can be set, see the Cisco IOS Dial
	Example:		Technologies Command Reference.
			Technologies Command Reference.
	Router(config)# ip local pool dynpool
	30.30.30.20	30.30.30.30
	Router(config)#

Apply Mode Configuration to the Crypto Map

Perform these steps to apply mode configuration to the crypto map, beginning in global configuration mode:

	Command or Action	Purpose
Step 1
Step 1	crypto map map-nameisakmp authorization list	Applies mode configuration to the crypto map and
	list-name	enables key lookup (IKE queries) for the group
		policy from an authentication, authorization, and
	Example:	accounting (AAA) server.
	Router(config)# crypto map dynmap isakmp
	authorization list rtr-remote
	Router(config)#
Step 2
Step 2	crypto map tag client configuration address	Configures the router to reply to mode
	[initiate respond]	configuration requests from remote clients.
	Example:
	Router(config)# crypto map dynmap client
	configuration address respond
	Router(config)#

Cisco Secure Router 520 Series Software Configuration Guide

	OL-14210-01	6-5

Image 69

Cisco Systems 520 series manual Apply Mode Configuration to the Crypto Map

Contents

Americas Headquarters Cisco Secure Router 520 Series Software Configuration GuidePage Iii N T E N T S Verify the Configuration Additional Configuration Options Reference Information Vii Rsvp Viii Using the Tftp Download Command C-5 Preface ObjectiveAudience Part 3 Configuring Additional Features and Troubleshooting Part 2 Configuring Your Router for Ethernet and DSL AccessOrganization Part 1 Getting Started Appendix D, Common Port Assignments Conventions Avvertenza Importanti Istruzioni Sulla Sicurezza Warnung Wichtige SicherheitshinweiseAviso Instruções Importantes DE Segurança Xii Xiii Guarde Estas Instrucciones Xiv GEM Disse AnvisningerPage Cisco Secure Router 520 Series Hardware Installation Guide Cisco Regulatory Compliance and Safety Information RoadmapRelated Documentation Xvi Xvii Obtaining Documentation and Submitting a Service Request Xviii Getting Started Page Basic Router Configuration Information Needed for Customizing the Default Parameters Viewing the Default Configuration Configuring Basic Parameters Interface Port LabelsRouter Interface Port Label Configure Fast Ethernet LAN Interfaces Configure Global ParametersConfigure WAN Interfaces Command Purpose Routerconfig-if# ip address 255.255.255.0 Routerconfig# interface fastethernetInterface type number No shutdown Configuring a Loopback Interface Configure the Wireless InterfaceEnables the ATM 0 interface Exits configuration mode for the ATM interface Interface and returns to global configuration mode Exits configuration mode for the loopbackLoopback interface Router# show interface loopback Password password Configuring Command-Line Access to the RouterLogin Exec-timeoutminutes seconds End Configuring Static Routes Configuration ExampleVerifying Your Configuration Configuring RIP Configuring Dynamic RoutesCommand Task Router rip No auto-summary Configuring Your Router for Ethernet and DSL Access Page Sample Network Deployments For Ethernet-Based Network DeploymentsFor DSL-Based Network Deployments Sample Network Deployments PPPoE session between the client and a PPPoE server Configuring PPP over Ethernet with NAT Command or Action Purpose Configuration TasksVpdn enable PPPoE Configures the PPPoE client and specifies Configure the Fast Ethernet WAN InterfacesRequest-dialin Protocol l2tp pppoe Configure the Dialer Interface Ppp authentication protocol1 protocol2 Configure Network Address TranslationDialer pool number Dialer-group group-number By the access list 1 to be translated to one Enables dynamic translation of addresses onPermitted by access list acl1 to be translated to one Enables the configuration changes just made to Routerconfig# access-list 1 permit Access-list access-list-number deny permitIp nat inside outside Source source-wildcard Router# show ip nat statistics Configuration Example Id 1 access-list 1 interface Dialer0 refcount Queued Packets OL-14210-01 PPP over ATM with NAT Configuring PPP over ATM with NAT PPPoA Authentication Protocol Chap Sets the PPP authentication methodUsing a dialer group controls access to Specifies that the IP address for the dialer Command Reference, Volume 1 of 4 Routing Configure the ATM WAN Interface Configuring Adsl Configure DSL Signaling ProtocolAttribute Description Default Value Dsl lom integer Dsl enable-training-log Permitted by access list acl1 to be translated to One of the addresses specified in the NAT poolPool1 Reference, Volume 1 of 4 Addressing 0.255 ATM0 Dhcp Configuring a LAN with Dhcp and VLANs Configure Dhcp VLANsDotted-decimal domain name Exits Dhcp configuration mode, and enters Enters Dhcp pool configuration mode. The nameGlobal configuration mode Creates a Dhcp address pool on the router Router# show ip dhcp import Verify Your Dhcp ConfigurationIp dhcp pool Server statistics Configure VLANs Vlan databaseVlan vlan-id media type name vlan-name Verify Your Vlan Configuration Assign a Switch Port to a VlanExits interface mode and returns to privileged Exec mode Vlan Router# show vlan-switch Said MTU Remote Access VPN Using IPsec Tunnel Configuring a VPN Using Easy VPN and an IPsec Tunnel Cisco Easy VPN Configure the IKE Policy Configure Group Policy Information Apply Mode Configuration to the Crypto Map Configure IPsec Transforms and Protocols Enable Policy Lookup Configure the IPsec Crypto Method and Parameters Reverse-route Apply the Crypto Map to the Physical InterfaceCrypto map map-name seq-num ipsec-isakmp Dynamic dynamic-map-name discover Crypto map map-name Create an Easy VPN Remote Configuration Crypto ipsec client ezvpn name outside inside Verifying Your Easy VPN ConfigurationEzvpn ezvpnclient outside Router# show crypto ipsec client ezvpn Crypto ipsec client ezvpn ezvpnclient connect auto OL-14210-01 Site-to-Site VPN Using an IPsec Tunnel and GRE Configure a VPN GRE TunnelsVPNs Configure the IKE Policy Ip local pool default poolname Configure Group Policy InformationDomain name Low-ip-address high-ip-address Configure IPsec Transforms and Protocols Enable Policy Lookup Configure the IPsec Crypto Method and Parameters Specifies global lifetime values used whenCreates a dynamic crypto map entry, and enters Map Apply the Crypto Map to the Physical Interface 192.168.101.1 Configure a GRE Tunnel Exits interface configuration mode, and returns to Tunnel interface must be configured toEnters ACL configuration mode for the named Access-list-name ACL that is used by the crypto map Set transform-set set1 match address No cdp run OL-14210-01 Configuring a Simple Firewall Fast Ethernet LAN interface the inside interface for NAT Creates an access list which prevents Internet Configure Access ListsDetails about this command Creates an access list that allows network traffic Apply Access Lists and Inspection Rules to Interfaces Configure Inspection Rules Routerconfig-if# ip access-group 103 Ip nat outside no cdp enable 1shows a wireless network deployment Configuring a Wireless LAN Connection For clients Configure the Root Radio StationEquivalent Privacy WEP cannot use Bridges for more details Name of a wireless network Creates a Service Set ID SSID, the publicSets the permitted authentication methods for a User attempting access to the wireless LAN Configure Bridging on VLANs Configure Radio Station Subinterfaces Bridge-group numberBridge-group parameter On the wireless interface Disables the Cisco Discovery Protocol CDPEnabled, the following commands are Automatically enabled, and cannot be No bridge-group 2 unicast-flooding No ip address bridge-group Configuring Additional Features and Troubleshooting Page 10-1 Additional Configuration Options 10-2 Configuring Security Features Authentication, Authorization, and Accounting11-1 Configuring Access Lists Configuring AutoSecureConfiguration Commands ACL Type Access Groups Configuring a Cbac FirewallIp access-groupaccess-list-number access-list-nameinout Ip inspect name inspection-name protocol timeout seconds Configuring Cisco IOS Firewall IDS Configuring VPNs11-4 Getting Started TroubleshootingBefore Contacting Cisco or Your Reseller 12-1 ATM Troubleshooting Commands Adsl TroubleshootingPing atm interface Command 12-2 12-3 Show interface Command Shutdown command Output Cause12-4 Debug atm Commands Show atm interface CommandField Description 12-5 Router# debug atm errors ATM errors debugging is on Router# 12-6Router# debug atm events Router# Example 12-6 Viewing ATM Interface Processor Events-Failure 12-7 Software Upgrade Methods 12-8Router# debug atm packet Router# 012348ATM0O Change the Configuration Register Recovering a Lost Password12-9 Router# show version Rommon 2 confreg 12-10 Reset the Configuration Register Value Reset the Password and Save Your ChangesRouter# show startup-config Router# copy running-config startup-config 12-12 Reference Information Page Configuring the Router from a PC Cisco IOS Software Basic SkillsPC Operating System Software Understanding Command Modes Ctrl-Z As interface atm Enable Secret Passwords and Enable Passwords Getting HelpRouter rip, from Using Commands Entering Global Configuration Mode Abbreviating Commands Saving Configuration ChangesUndoing Commands Command-Line Error Messages Summary Where to Go Next OL-14210-01 Adsl Concepts Routing Protocol Options Network Protocols PAP PPP Authentication Protocols Network Interfaces EthernetATM for DSL PVC Dialer Interface Easy IP Phase QoS IP PrecedencePPP Fragmentation and Interleaving Low Latency Queuing Cbwfq Access Lists OL-14210-01 Config-reg Resets the configuration register Configure terminal Enters global configuration modeROM Monitor Entering the ROM Monitor Reload ROM Monitor Commands Command Descriptions Disaster Recovery with Tftp DownloadCommand Description Variable Command Tftp Download Command Variables Using the Tftp Download Command Configuration RegisterTFTPTIMEOUT= time Retrytimes Changing the Configuration Register Manually Changing the Configuration Register Using PromptsRommon 1 confreg Command Description Console DownloadXmodem -cyrxdestinationfilename Error Reporting Debug Commands Appendix C ROM Monitor Exiting the ROM Monitor Exiting the ROM Monitor OL-14210-01 Port Keyword Description Common Port Assignments Finger See Adsl See ARPSee AAL See ATM IN-2 See CAR IN-3 See Dhcp IN-4 See LCP IN-5 See RIP See NATIN-6 IN-7 IN-8