Assigns a crypto map to the tunnel | Cisco Systems 520 series

Chapter 7 Configuring VPNs Using an IPsec Tunnel and Generic Routing Encapsulation

Configuration Example

	Command or Action	Purpose
Step 5
Step 5	crypto map map-name	Assigns a crypto map to the tunnel.
	Example:	Note Dynamic routing or static routes to the
	Example:	tunnel interface must be configured to
		tunnel interface must be configured to
	Router(config-if)#crypto map static-map	establish connectivity between the sites.
	Router(config-if)#	See the Cisco IOS Security Configuration
		See the Cisco IOS Security Configuration
		Guide for details.
Step 6
Step 6	exit	Exits interface configuration mode, and returns to
		global configuration mode.
	Example:
	Router(config-if)# exit
	Router(config)#
Step 7
Step 7	ip access-list {standard extended}	Enters ACL configuration mode for the named
	access-list-name	ACL that is used by the crypto map.
	Example:
	Router(config)# ip access-list extended
	vpnstatic1
	Router(config-ext-nacl)#
Step 8
Step 8	permit protocol source source-wildcard	Specifies that only GRE traffic is permitted on the
	destination destination-wildcard	outbound interface.
	Example:
	Router(config-ext-nacl)# permit gre host
	192.168.100.1 host 192.168.101.1
	Router(config-ext-nacl)#
Step 9
Step 9	exit	Returns to global configuration mode.
	Example:
	Router(config-ext-nacl)# exit
	Router(config)#

Configuration Example

The following configuration example shows a portion of the configuration file for a VPN using a GRE tunnel scenario described in the preceding sections.

!

aaanew-model

!

aaa authentication login rtr-remote local aaa authorization network rtr-remote local aaa session-id common

!

username cisco password 0 cisco

!

interface tunnel 1

ip address 10.62.1.193 255.255.255.252

Cisco Secure Router 520 Series Software Configuration Guide

	OL-14210-01	7-9

Image 85

Cisco Systems 520 series Assigns a crypto map to the tunnel, Tunnel interface must be configured to, Guide for details

Contents

Americas Headquarters Cisco Secure Router 520 Series Software Configuration GuidePage Iii N T E N T S Verify the Configuration Additional Configuration Options Reference Information Vii Rsvp Viii Using the Tftp Download Command C-5 Objective PrefaceAudience Part 3 Configuring Additional Features and Troubleshooting Part 2 Configuring Your Router for Ethernet and DSL AccessOrganization Part 1 Getting Started Appendix D, Common Port Assignments Conventions Avvertenza Importanti Istruzioni Sulla Sicurezza Warnung Wichtige SicherheitshinweiseAviso Instruções Importantes DE Segurança Xii Xiii Guarde Estas Instrucciones Xiv GEM Disse AnvisningerPage Cisco Secure Router 520 Series Hardware Installation Guide Cisco Regulatory Compliance and Safety Information RoadmapRelated Documentation Xvi Xvii Obtaining Documentation and Submitting a Service Request Xviii Getting Started Page Basic Router Configuration Information Needed for Customizing the Default Parameters Viewing the Default Configuration Interface Port Labels Configuring Basic ParametersRouter Interface Port Label Configure Fast Ethernet LAN Interfaces Configure Global ParametersConfigure WAN Interfaces Command Purpose Routerconfig-if# ip address 255.255.255.0 Routerconfig# interface fastethernetInterface type number No shutdown Configuring a Loopback Interface Configure the Wireless InterfaceEnables the ATM 0 interface Exits configuration mode for the ATM interface Interface and returns to global configuration mode Exits configuration mode for the loopbackLoopback interface Router# show interface loopback Password password Configuring Command-Line Access to the RouterLogin Exec-timeoutminutes seconds End Configuration Example Configuring Static RoutesVerifying Your Configuration Configuring RIP Configuring Dynamic RoutesCommand Task Router rip No auto-summary Configuring Your Router for Ethernet and DSL Access Page For Ethernet-Based Network Deployments Sample Network DeploymentsFor DSL-Based Network Deployments Sample Network Deployments PPPoE session between the client and a PPPoE server Configuring PPP over Ethernet with NAT Command or Action Purpose Configuration TasksVpdn enable PPPoE Configures the PPPoE client and specifies Configure the Fast Ethernet WAN InterfacesRequest-dialin Protocol l2tp pppoe Configure the Dialer Interface Ppp authentication protocol1 protocol2 Configure Network Address TranslationDialer pool number Dialer-group group-number By the access list 1 to be translated to one Enables dynamic translation of addresses onPermitted by access list acl1 to be translated to one Enables the configuration changes just made to Routerconfig# access-list 1 permit Access-list access-list-number deny permitIp nat inside outside Source source-wildcard Router# show ip nat statistics Configuration Example Id 1 access-list 1 interface Dialer0 refcount Queued Packets OL-14210-01 PPP over ATM with NAT Configuring PPP over ATM with NAT PPPoA Authentication Protocol Chap Sets the PPP authentication methodUsing a dialer group controls access to Specifies that the IP address for the dialer Command Reference, Volume 1 of 4 Routing Configure the ATM WAN Interface Configuring Adsl Configure DSL Signaling ProtocolAttribute Description Default Value Dsl lom integer Dsl enable-training-log One of the addresses specified in the NAT pool Permitted by access list acl1 to be translated toPool1 Reference, Volume 1 of 4 Addressing 0.255 ATM0 Dhcp Configuring a LAN with Dhcp and VLANs VLANs Configure DhcpDotted-decimal domain name Exits Dhcp configuration mode, and enters Enters Dhcp pool configuration mode. The nameGlobal configuration mode Creates a Dhcp address pool on the router Router# show ip dhcp import Verify Your Dhcp ConfigurationIp dhcp pool Server statistics Vlan database Configure VLANsVlan vlan-id media type name vlan-name Verify Your Vlan Configuration Assign a Switch Port to a VlanExits interface mode and returns to privileged Exec mode Vlan Router# show vlan-switch Said MTU Remote Access VPN Using IPsec Tunnel Configuring a VPN Using Easy VPN and an IPsec Tunnel Cisco Easy VPN Configure the IKE Policy Configure Group Policy Information Apply Mode Configuration to the Crypto Map Configure IPsec Transforms and Protocols Enable Policy Lookup Configure the IPsec Crypto Method and Parameters Reverse-route Apply the Crypto Map to the Physical InterfaceCrypto map map-name seq-num ipsec-isakmp Dynamic dynamic-map-name discover Crypto map map-name Create an Easy VPN Remote Configuration Crypto ipsec client ezvpn name outside inside Verifying Your Easy VPN ConfigurationEzvpn ezvpnclient outside Router# show crypto ipsec client ezvpn Crypto ipsec client ezvpn ezvpnclient connect auto OL-14210-01 Site-to-Site VPN Using an IPsec Tunnel and GRE GRE Tunnels Configure a VPNVPNs Configure the IKE Policy Ip local pool default poolname Configure Group Policy InformationDomain name Low-ip-address high-ip-address Configure IPsec Transforms and Protocols Enable Policy Lookup Specifies global lifetime values used when Configure the IPsec Crypto Method and ParametersCreates a dynamic crypto map entry, and enters Map Apply the Crypto Map to the Physical Interface 192.168.101.1 Configure a GRE Tunnel Exits interface configuration mode, and returns to Tunnel interface must be configured toEnters ACL configuration mode for the named Access-list-name ACL that is used by the crypto map Set transform-set set1 match address No cdp run OL-14210-01 Configuring a Simple Firewall Fast Ethernet LAN interface the inside interface for NAT Creates an access list which prevents Internet Configure Access ListsDetails about this command Creates an access list that allows network traffic Apply Access Lists and Inspection Rules to Interfaces Configure Inspection Rules Routerconfig-if# ip access-group 103 Ip nat outside no cdp enable 1shows a wireless network deployment Configuring a Wireless LAN Connection For clients Configure the Root Radio StationEquivalent Privacy WEP cannot use Bridges for more details Name of a wireless network Creates a Service Set ID SSID, the publicSets the permitted authentication methods for a User attempting access to the wireless LAN Configure Bridging on VLANs Bridge-group number Configure Radio Station SubinterfacesBridge-group parameter On the wireless interface Disables the Cisco Discovery Protocol CDPEnabled, the following commands are Automatically enabled, and cannot be No bridge-group 2 unicast-flooding No ip address bridge-group Configuring Additional Features and Troubleshooting Page 10-1 Additional Configuration Options 10-2 Authentication, Authorization, and Accounting Configuring Security Features11-1 Configuring Access Lists Configuring AutoSecureConfiguration Commands ACL Type Access Groups Configuring a Cbac FirewallIp access-groupaccess-list-number access-list-nameinout Ip inspect name inspection-name protocol timeout seconds Configuring VPNs Configuring Cisco IOS Firewall IDS11-4 Getting Started TroubleshootingBefore Contacting Cisco or Your Reseller 12-1 ATM Troubleshooting Commands Adsl TroubleshootingPing atm interface Command 12-2 12-3 Show interface Command Output Cause Shutdown command12-4 Debug atm Commands Show atm interface CommandField Description 12-5 12-6 Router# debug atm errors ATM errors debugging is on Router#Router# debug atm events Router# Example 12-6 Viewing ATM Interface Processor Events-Failure 12-7 12-8 Software Upgrade MethodsRouter# debug atm packet Router# 012348ATM0O Change the Configuration Register Recovering a Lost Password12-9 Router# show version Rommon 2 confreg 12-10 Reset the Configuration Register Value Reset the Password and Save Your ChangesRouter# show startup-config Router# copy running-config startup-config 12-12 Reference Information Page Cisco IOS Software Basic Skills Configuring the Router from a PCPC Operating System Software Understanding Command Modes Ctrl-Z As interface atm Getting Help Enable Secret Passwords and Enable PasswordsRouter rip, from Using Commands Entering Global Configuration Mode Abbreviating Commands Saving Configuration ChangesUndoing Commands Command-Line Error Messages Summary Where to Go Next OL-14210-01 Adsl Concepts Routing Protocol Options Network Protocols PAP PPP Authentication Protocols Ethernet Network InterfacesATM for DSL PVC Dialer Interface Easy IP Phase IP Precedence QoSPPP Fragmentation and Interleaving Low Latency Queuing Cbwfq Access Lists OL-14210-01 Config-reg Resets the configuration register Configure terminal Enters global configuration modeROM Monitor Entering the ROM Monitor Reload ROM Monitor Commands Disaster Recovery with Tftp Download Command DescriptionsCommand Description Variable Command Tftp Download Command Variables Using the Tftp Download Command Configuration RegisterTFTPTIMEOUT= time Retrytimes Changing the Configuration Register Using Prompts Changing the Configuration Register ManuallyRommon 1 confreg Console Download Command DescriptionXmodem -cyrxdestinationfilename Error Reporting Debug Commands Appendix C ROM Monitor Exiting the ROM Monitor Exiting the ROM Monitor OL-14210-01 Port Keyword Description Common Port Assignments Finger See Adsl See ARPSee AAL See ATM IN-2 See CAR IN-3 See Dhcp IN-4 See LCP IN-5 See NAT See RIPIN-6 IN-7 IN-8