Cisco Systems 520 series manual

Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel

Configuration Example

username Cisco password 0 Cisco

!

crypto isakmp policy 1 encryption 3des authentication pre-share group 2

lifetime 480

!

crypto isakmp client configuration group rtr-remote key secret-password

dns 10.50.10.1 10.60.10.1 domain company.com

pool dynpool

!

crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac

!

crypto ipsec security-association lifetime seconds 86400

!

crypto dynamic-map dynmap 1 set transform-set vpn1 reverse-route

!

crypto map static-map 1 ipsec-isakmp dynamic dynmap crypto map dynmap isakmp authorization list rtr-remote crypto map dynmap client configuration address respond

crypto ipsec client ezvpn ezvpnclient connect auto

group 2 key secret-password mode client

peer 192.168.100.1

!

interface fastethernet 4

crypto ipsec client ezvpn ezvpnclient outside crypto map static-map

!

interface vlan 1

crypto ipsec client ezvpn ezvpnclient inside

!

		Cisco Secure Router 520 Series Software Configuration Guide
		Cisco Secure Router 520 Series Software Configuration Guide
	OL-14210-01			6-11
	OL-14210-01			6-11

Image 75

Cisco Systems 520 series manual Crypto ipsec client ezvpn ezvpnclient connect auto

Contents

Americas Headquarters Cisco Secure Router 520 Series Software Configuration GuidePage Iii N T E N T S Verify the Configuration Additional Configuration Options Reference Information Vii Rsvp Viii Using the Tftp Download Command C-5 Preface ObjectiveAudience Part 1 Getting Started Part 2 Configuring Your Router for Ethernet and DSL AccessPart 3 Configuring Additional Features and Troubleshooting Organization Appendix D, Common Port Assignments Conventions Xii Warnung Wichtige SicherheitshinweiseAvvertenza Importanti Istruzioni Sulla Sicurezza Aviso Instruções Importantes DE Segurança Xiii Guarde Estas Instrucciones Xiv GEM Disse AnvisningerPage Xvi Cisco Regulatory Compliance and Safety Information RoadmapCisco Secure Router 520 Series Hardware Installation Guide Related Documentation Xvii Obtaining Documentation and Submitting a Service Request Xviii Getting Started Page Basic Router Configuration Information Needed for Customizing the Default Parameters Viewing the Default Configuration Configuring Basic Parameters Interface Port LabelsRouter Interface Port Label Command Purpose Configure Global ParametersConfigure Fast Ethernet LAN Interfaces Configure WAN Interfaces No shutdown Routerconfig# interface fastethernetRouterconfig-if# ip address 255.255.255.0 Interface type number Exits configuration mode for the ATM interface Configure the Wireless InterfaceConfiguring a Loopback Interface Enables the ATM 0 interface Router# show interface loopback Exits configuration mode for the loopbackInterface and returns to global configuration mode Loopback interface Exec-timeoutminutes seconds Configuring Command-Line Access to the RouterPassword password Login End Configuring Static Routes Configuration ExampleVerifying Your Configuration Router rip Configuring Dynamic RoutesConfiguring RIP Command Task No auto-summary Configuring Your Router for Ethernet and DSL Access Page Sample Network Deployments For Ethernet-Based Network DeploymentsFor DSL-Based Network Deployments Sample Network Deployments PPPoE session between the client and a PPPoE server Configuring PPP over Ethernet with NAT PPPoE Configuration TasksCommand or Action Purpose Vpdn enable Protocol l2tp pppoe Configure the Fast Ethernet WAN InterfacesConfigures the PPPoE client and specifies Request-dialin Configure the Dialer Interface Dialer-group group-number Configure Network Address TranslationPpp authentication protocol1 protocol2 Dialer pool number Enables the configuration changes just made to Enables dynamic translation of addresses onBy the access list 1 to be translated to one Permitted by access list acl1 to be translated to one Source source-wildcard Access-list access-list-number deny permitRouterconfig# access-list 1 permit Ip nat inside outside Router# show ip nat statistics Configuration Example Id 1 access-list 1 interface Dialer0 refcount Queued Packets OL-14210-01 PPP over ATM with NAT Configuring PPP over ATM with NAT PPPoA Specifies that the IP address for the dialer Sets the PPP authentication methodAuthentication Protocol Chap Using a dialer group controls access to Command Reference, Volume 1 of 4 Routing Configure the ATM WAN Interface Dsl lom integer Dsl enable-training-log Configure DSL Signaling ProtocolConfiguring Adsl Attribute Description Default Value Permitted by access list acl1 to be translated to One of the addresses specified in the NAT poolPool1 Reference, Volume 1 of 4 Addressing 0.255 ATM0 Dhcp Configuring a LAN with Dhcp and VLANs Configure Dhcp VLANsDotted-decimal domain name Creates a Dhcp address pool on the router Enters Dhcp pool configuration mode. The nameExits Dhcp configuration mode, and enters Global configuration mode Server statistics Verify Your Dhcp ConfigurationRouter# show ip dhcp import Ip dhcp pool Configure VLANs Vlan databaseVlan vlan-id media type name vlan-name Exec mode Assign a Switch Port to a VlanVerify Your Vlan Configuration Exits interface mode and returns to privileged Vlan Router# show vlan-switch Said MTU Remote Access VPN Using IPsec Tunnel Configuring a VPN Using Easy VPN and an IPsec Tunnel Cisco Easy VPN Configure the IKE Policy Configure Group Policy Information Apply Mode Configuration to the Crypto Map Configure IPsec Transforms and Protocols Enable Policy Lookup Configure the IPsec Crypto Method and Parameters Dynamic dynamic-map-name discover Apply the Crypto Map to the Physical InterfaceReverse-route Crypto map map-name seq-num ipsec-isakmp Crypto map map-name Create an Easy VPN Remote Configuration Router# show crypto ipsec client ezvpn Verifying Your Easy VPN ConfigurationCrypto ipsec client ezvpn name outside inside Ezvpn ezvpnclient outside Crypto ipsec client ezvpn ezvpnclient connect auto OL-14210-01 Site-to-Site VPN Using an IPsec Tunnel and GRE Configure a VPN GRE TunnelsVPNs Configure the IKE Policy Low-ip-address high-ip-address Configure Group Policy InformationIp local pool default poolname Domain name Configure IPsec Transforms and Protocols Enable Policy Lookup Configure the IPsec Crypto Method and Parameters Specifies global lifetime values used whenCreates a dynamic crypto map entry, and enters Map Apply the Crypto Map to the Physical Interface 192.168.101.1 Configure a GRE Tunnel Access-list-name ACL that is used by the crypto map Tunnel interface must be configured toExits interface configuration mode, and returns to Enters ACL configuration mode for the named Set transform-set set1 match address No cdp run OL-14210-01 Configuring a Simple Firewall Fast Ethernet LAN interface the inside interface for NAT Creates an access list that allows network traffic Configure Access ListsCreates an access list which prevents Internet Details about this command Apply Access Lists and Inspection Rules to Interfaces Configure Inspection Rules Routerconfig-if# ip access-group 103 Ip nat outside no cdp enable 1shows a wireless network deployment Configuring a Wireless LAN Connection Bridges for more details Configure the Root Radio StationFor clients Equivalent Privacy WEP cannot use User attempting access to the wireless LAN Creates a Service Set ID SSID, the publicName of a wireless network Sets the permitted authentication methods for a Configure Bridging on VLANs Configure Radio Station Subinterfaces Bridge-group numberBridge-group parameter Automatically enabled, and cannot be Disables the Cisco Discovery Protocol CDPOn the wireless interface Enabled, the following commands are No bridge-group 2 unicast-flooding No ip address bridge-group Configuring Additional Features and Troubleshooting Page 10-1 Additional Configuration Options 10-2 Configuring Security Features Authentication, Authorization, and Accounting11-1 ACL Type Configuring AutoSecureConfiguring Access Lists Configuration Commands Ip inspect name inspection-name protocol timeout seconds Configuring a Cbac FirewallAccess Groups Ip access-groupaccess-list-number access-list-nameinout Configuring Cisco IOS Firewall IDS Configuring VPNs11-4 12-1 TroubleshootingGetting Started Before Contacting Cisco or Your Reseller 12-2 Adsl TroubleshootingATM Troubleshooting Commands Ping atm interface Command 12-3 Show interface Command Shutdown command Output Cause12-4 12-5 Show atm interface CommandDebug atm Commands Field Description Router# debug atm errors ATM errors debugging is on Router# 12-6Router# debug atm events Router# Example 12-6 Viewing ATM Interface Processor Events-Failure 12-7 Software Upgrade Methods 12-8Router# debug atm packet Router# 012348ATM0O Router# show version Recovering a Lost PasswordChange the Configuration Register 12-9 Rommon 2 confreg 12-10 Router# copy running-config startup-config Reset the Password and Save Your ChangesReset the Configuration Register Value Router# show startup-config 12-12 Reference Information Page Configuring the Router from a PC Cisco IOS Software Basic SkillsPC Operating System Software Understanding Command Modes Ctrl-Z As interface atm Enable Secret Passwords and Enable Passwords Getting HelpRouter rip, from Using Commands Entering Global Configuration Mode Command-Line Error Messages Saving Configuration ChangesAbbreviating Commands Undoing Commands Summary Where to Go Next OL-14210-01 Adsl Concepts Routing Protocol Options Network Protocols PAP PPP Authentication Protocols Network Interfaces EthernetATM for DSL PVC Dialer Interface Easy IP Phase QoS IP PrecedencePPP Fragmentation and Interleaving Low Latency Queuing Cbwfq Access Lists OL-14210-01 Entering the ROM Monitor Configure terminal Enters global configuration modeConfig-reg Resets the configuration register ROM Monitor Reload ROM Monitor Commands Command Descriptions Disaster Recovery with Tftp DownloadCommand Description Variable Command Tftp Download Command Variables Retrytimes Configuration RegisterUsing the Tftp Download Command TFTPTIMEOUT= time Changing the Configuration Register Manually Changing the Configuration Register Using PromptsRommon 1 confreg Command Description Console DownloadXmodem -cyrxdestinationfilename Error Reporting Debug Commands Appendix C ROM Monitor Exiting the ROM Monitor Exiting the ROM Monitor OL-14210-01 Port Keyword Description Common Port Assignments Finger See ATM See ARPSee Adsl See AAL IN-2 See CAR IN-3 See Dhcp IN-4 See LCP IN-5 See RIP See NATIN-6 IN-7 IN-8