Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation

Configure a VPN

Enable Policy Lookup

Perform these steps to enable policy lookup through AAA, beginning in global configuration mode:

Step 1

Command or Action:
aaa new-model

Purpose:
Enables the AAA access control model.

Example:
Router(config)# aaa new-model
Router(config)#

Step 2

Command or Action:
aaa authentication login {default | list-name} method1 [method2...]

Purpose:
Specifies AAA authentication of selected users at login, and specifies the method used.

This example uses a local authentication database. You could also use a RADIUS server for this. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for details.

Example:
Router(config)# aaa authentication login rtr-remote local
Router(config)#

Step 3

Command or Action:
aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]

Purpose:
Specifies AAA authorization of all network-related service requests, including PPP, and the method used to do so.

This example uses a local authorization database. You could also use a RADIUS server for this. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for details.

Example:
Router(config)# aaa authorization network rtr-remote local
Router(config)#

Step 4

Command or Action:
username name {nopassword | password password | password encryption-type encrypted-password}

Purpose:
Establishes a username-based authentication system.

This example creates a username of cisco with a password of cisco. Note that encryption type 0 means the password is stored in cleartext in the configuration; it is shown here only for illustration. On a production router, use username name secret password instead, which stores a one-way hash, and choose a password that is not the same as the username.

Example:
Router(config)# username cisco password 0 cisco
Router(config)#
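The four steps above, collected into one configuration fragment as an added example (this is not configuration from the guide itself). The list name rtr-remote and the username cisco come from the guide; the username vpnadmin, its password, the RADIUS server address 192.0.2.10 and its shared secret are placeholders assumed for this example. The weak form from Step 4 is kept next to the hashed form so the difference is visible in the running configuration.

```cisco
! Added example, not from the guide: AAA policy lookup for the VPN router.
! rtr-remote is the guide's own list name; vpnadmin, its password, the
! RADIUS server 192.0.2.10 and the shared secret are assumed placeholders.
aaa new-model
!
! Named authentication and authorization lists that consult only the
! local user database (Steps 2 and 3 of the procedure).
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
!
! Form shown in the guide (Step 4). Encryption type 0 is cleartext:
! "show running-config" prints the password as typed.
username cisco password 0 cisco
!
! Preferred form: "secret" stores a one-way hash of the password instead
! of the password itself, so the configuration no longer reveals it.
username vpnadmin secret Str0ng-VPN-P@ss
!
! Optional: ask a RADIUS server first and fall back to the local database.
! With "group radius local", the local method is used only when no RADIUS
! server answers; a RADIUS reject is final and is not retried locally.
! radius-server host 192.0.2.10 key <shared-secret>
! aaa authentication login rtr-remote group radius local
! aaa authorization network rtr-remote group radius local
```

To confirm that no cleartext credential remains, run show running-config | include username and check that every line carries secret (or an encrypted password type) rather than password 0. Remove the cisco/cisco account before the router is exposed to any network.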

Configure IPsec Transforms and Protocols

A transform set represents a certain combination of security protocols and algorithms (for example, ESP with a given cipher and a given HMAC). During IKE negotiation, the peers agree to use a particular transform set for protecting the data flow.

During the negotiation, each peer searches its configured transform sets for one that matches a transform set on the other peer. When such a transform set is found, it is selected and applied to the protected traffic as part of both peers' configurations. Because the first match wins, list strong transform sets before weaker ones, or omit the weak ones entirely.
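As an added example (not configuration from the guide), the following fragment defines two transform sets of the kind the paragraph above describes. The set names WEAK-DES-MD5 and ESP-AES256-SHA are placeholders assumed here; the first set is included only to show what a weak negotiation target looks like and should not be deployed.

```cisco
! Added example, not from the guide. Set names are assumed placeholders.
!
! Weak set: single DES (56-bit) and MD5-HMAC are both deprecated. If this
! set is configured, a peer that offers it will match it.
crypto ipsec transform-set WEAK-DES-MD5 esp-des esp-md5-hmac
!
! Preferred set: AES-256 for confidentiality, SHA-1 HMAC for integrity.
! Use esp-sha256-hmac instead of esp-sha-hmac where the release supports it.
crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
 ! Tunnel mode is the default; for a GRE tunnel protected by IPsec (the
 ! design this chapter covers) "mode transport" avoids a second IP header.
 mode tunnel
```

Verify what the router will offer with show crypto ipsec transform-set; only the sets you intend to negotiate should appear. After the tunnel is up, show crypto ipsec sa reports which transform set the peers actually agreed on.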

Cisco Secure Router 520 Series Software Configuration Guide, OL-14210-01, page 7-5
