Lifetime seconds Exit | Cisco Systems C819GUK9, C819HG4GVK9 specification

Chapter 13 Configuring a VPN Using Easy VPN and an IPSec Tunnel

Configuration Tasks

6.lifetime seconds

7.exit

DETAILED STEPS

				Command or Action	Purpose
			Step 1
			Step 1	crypto isakmp policy priority	Creates an IKE policy that is used during IKE
				Example:	negotiation. The priority is a number from 1 to
				Example:	10000, with 1 being the highest.
				Router(config)# crypto isakmp policy 1	Also enters the Internet Security Association Key
				Router(config-isakmp)#	Also enters the Internet Security Association Key
				Router(config-isakmp)#	and Management Protocol (ISAKMP) policy
					and Management Protocol (ISAKMP) policy
					configuration mode.
			Step 2
			Step 2	encryption {des 3des aes aes 192	Specifies the encryption algorithm used in the IKE
				aes 256}	policy.
				Example:	The example specifies 168-bit data encryption
				Example:	standard (DES).
				Router(config-isakmp)# encryption 3des	standard (DES).
				Router(config-isakmp)# encryption 3des
				Router(config-isakmp)#
			Step 3
			Step 3	hash {md5 sha}	Specifies the hash algorithm used in the IKE
				Example:	policy.
				Example:	The example specifies the Message Digest 5
				Router(config-isakmp)# hash md5	The example specifies the Message Digest 5
				Router(config-isakmp)# hash md5	(MD5) algorithm. The default is Secure Hash
				Router(config-isakmp)#	(MD5) algorithm. The default is Secure Hash
				Router(config-isakmp)#	standard (SHA-1).
					standard (SHA-1).
			Step 4
			Step 4	authentication {rsa-sig rsa-encr	Specifies the authentication method used in the
				pre-share}	IKE policy.
				Example:	The example specifies a pre-shared key.
				Example:
				Router(config-isakmp)# authentication
				pre-share
				Router(config-isakmp)#
			Step 5
			Step 5	group {1 2 5}	Specifies the Diffie-Hellman group to be used in
				Example:	an IKE policy.
				Example:
				Router(config-isakmp)# group 2
				Router(config-isakmp)#
			Step 6
			Step 6	lifetime seconds	Specifies the lifetime, 60 to 86400 seconds, for an
				Example:	IKE security association (SA).
				Example:
				Router(config-isakmp)# lifetime 480
				Router(config-isakmp)#
			Step 7
			Step 7	exit	Exits IKE policy configuration mode and enters
				Example:	global configuration mode.
				Example:
				Router(config-isakmp)# exit
				Router(config)#

			Cisco 819 Integrated Services Routers Software Configuration Guide


	13-4				OL-23590-02
	13-4				OL-23590-02

Image 152

Cisco Systems C819GUK9, C819HG4GVK9 manual Lifetime seconds Exit

Contents

Americas Headquarters Text Part Number OL-23590-02 September 2Page N T E N T S Data Account Provisioning Configuring a Cellular Interface Specifying a Synchronous Serial Interface Create a Cisco Easy VPN Remote Configuration NAT Getting Help TACACS+ OL-23590-02 Product Overview General Description 1shows the Cisco 819HG ISR SKU Information New Features3G Features Security Features Wlan FeaturesPlatform Features Wireless Device Overview ScanSafe Color Description Tftp support with Ethernet WAN interfaceLEDs Rssi Router# show controllers cellular Dual-Radio Wireless Local Area NetworkWlan Features CleanAir Technology Images SupportedDynamic Frequency Selection LEDs Wlan LED OL-23590-02 4G LTE Wireless WAN OL-23590-02 Basic Router Configuration Router Interface Port Label Default ConfigurationInterface Ports Information Needed for Configuration OL-23590-02 Configuring Command-Line Access Line aux console tty vty line-number Password password Login Command Purpose Example Enables password checking at the virtual terminal Session loginExits line configuration mode and returns to Privileged Exec mode Configuring Global Parameters No shutdown Exit Configuring WAN InterfacesConfiguring a Gigabit Ethernet WAN Interface Configuring the Cellular Wireless WAN Interface Example Prerequisites for Configuring the 3G Wireless Interface Restrictions for Configuring the Cellular Wireless Interface Command or Action Purpose Data Account Provisioning Shows the radio signal strength Signal strength, the network security, and so onDetails about the command parameters Displays the cellular gps information 2lists the modem data profile parameters Activation and Provisioning Process CarrierManual Activation Cellular unit cdma activate manual mdn msid msl Router # cellular 0 cdma activate otasp phonenumber Activating with Over-the-Air Service ProvisioningCellular cdma activate iota Configuring a Cellular Interface Configuring DDR Interface cellular Dialer string string Enters global configuration mode Enables DDR and configures the specified serialSpecifies the number of the dialer access group to Enters the global configuration mode Specifies the line configuration mode. It is always Specifies a default modem chat scriptExits line configuration mode Configures this line for GSM Examples for Configuring Cellular Wireless Interfaces This section provides the following configuration examples Tunnel over Cellular Interface Configuration Following shows how to configure an HSPA+ modem Configuring Dual SIM for Cellular Networks Command Syntax Description Perform the following commands to manually switch the SIM Following command forces the modem to connect to SIM1Cellular GSM SIM Locks or unlocks the SIM Rommon Behavior IOS Behavior Output When Button Is Not Pushed ExampleOutput When Button Is Pushed Example Push Button in Wlan AP Configuring a Loopback InterfaceConfiguring the Fast Ethernet LAN Interfaces Verifying Configuration Router# show interface loopback Configuring Static Routes Another way to verify the loopback interface is to ping it Example Configuring Dynamic RoutesVerifying Configuration Configuring Routing Information Protocol Command TaskRouter rip Version 1 No auto-summary End Configuring Enhanced Interior Gateway Routing Protocol Router eigrp as-number Enters router configuration mode and enables Be applied, using the IP address of the networkEigrp on the router. The autonomous-system Number identifies the route to other Eigrp routers OL-23590-02 819 Yes Configuring Backup Data Lines and Remote ManagementConfiguring Backup Interfaces Enters interface configuration mode for Interface for which you want to configure backupAssigns an interface as the secondary or backup Be configured to back up a serial 0 interface Configuring Cellular Dial-on-Demand Routing Backup Configuring DDR Backup Using Dialer WatchConfigure terminal Dialer watch group group-number Enables dialer watch on the backup interface Do not use the access list permit all command toUsing the chat script command Specifies the interface Configuring DDR Backup Using Floating Static Route No aaa new-model Source-interface Dialer2 Line vty 0 4 login Scheduler max-task-time Webvpn cef end Dial Backup and Remote Management Through the Auxiliary Port Ip name-server server-address Ip dhcp pool name Exit Enters Dhcp pool configuration mode. The name Configure the Dhcp address pool. ForSample commands that you can use in Dhcp Pool configuration mode, see the Example Enters configuration mode for the line interface Switches the port from console to auxiliary port Exits the configure interface modeEnters configuration mode for the auxiliary Enables hardware signal flow control Ppp authentication pap callin PC IP address behind CPE OL-23590-02 Environmental and Power Management Router# show environment Environmental and Power Management Cisco EnergyWise Support Cisco EnergyWise Support Configuring the Serial Interface WAN Concentration Legacy Protocol Transport Configuring Serial InterfacesProduct Number Cable Type Length Connector Type PPP Encapsulation Information About Configuring Serial InterfacesCisco Hdlc Encapsulation Keepalive Timer Multilink PPP Frame Relay Encapsulation How to Configure Serial Interfaces Configuring a Synchronous Serial InterfaceLMI on Frame Relay Interfaces This section contains the following tasks Specifying Synchronous Serial Encapsulation Configures synchronous serial encapsulationSpecifying a Synchronous Serial Interface Signals Configuring PPPConfigures an Sdlc interface for half-duplex mode Configuring Compression of Hdlc Data Using the Nrzi Line-Coding FormatEncapsulation hdlc Compress stac Nrzi-encoding Inverting the Transmit Clock Signal Enabling the Internal ClockTransmit-clock-internal Invert txclock Invert rxclock Ignoring DCD and Monitoring DSR as Line Up/Down Indicator Setting Transmit DelayConfiguring DTR Signal Pulsing Dce-terminal-timing enable Configures the DCE to use Scte from the DTESpecifying the Serial Network Interface Module Timing Ignore-dcd Specifies timing configuration to invert TXC clock Dte-invert-txc Configuring Low-Speed Serial Interfaces Understanding Half-Duplex DTE and DCE State Machines Half-Duplex DCE State Machines Half-Duplex DCE Transmit State Machine Places a low-speed serial interface Constant-carrier modeNo half-duplex controlled-carrier Physical-layer sync async Sdlc cts-delay Sdlc rts-timeoutChanging Between Synchronous and Asynchronous Modes Configuration Examples Interface Enablement Configuration ExamplesReturns the interface to its default mode, which is No physical-layer Low-Speed Serial Interface Examples Synchronous or Asynchronous Mode ExamplesHalf-Duplex Timers Example Configuring Security Features Authentication, Authorization, and Accounting Configuring AutoSecure Configuring Access ListsConfiguration Commands ACL Type Configuring Cisco IOS Firewall Access Groups URL Filtering Configuring Cisco IOS IPSConfiguring VPN Remote Access VPN Site-to-Site VPN Branch office containing multiple LANs and VLANsVPN client-Cisco 819 ISR Corporate office network Configure the IKE Policy Configuration ExamplesConfigure a VPN over an IPSec Tunnel Command or Action Purpose Configure Group Policy Information Domain name Exit Apply Mode Configuration to the Crypto Map Exits IKE group policy configuration modeFor details about this command and additional Specifies a local address pool for the group Enable Policy Lookup Crypto ipsec profile profile-name Configure IPSec Transforms and ProtocolsConfigure the IPSec Crypto Method and Parameters See Cisco IOS Security Command Reference for Crypto map map-name Exit Where to Go NextApply the Crypto Map to the Physical Interface Crypto ipsec client ezvpn name outside inside Exit Create a Cisco Easy VPN Remote ConfigurationCrypto ipsec client ezvpn name Configuration Example Configure a Site-to-Site GRE Tunnel Creates a tunnel interface and enters interface Returns to global configuration mode No cdp run Configuring the Ethernet Switches Switch Port Numbering and NamingRestrictions for the FE Switch 10-1 Information About Ethernet Switches Switched Port Analyzer Overview of Snmp MIBsIgmp Snooping Storm Control BRIDGE-MIB for Layer 2 Ethernet Switching Routerconfig#snmp-server community public RWMIBs MIBs Link 10-4 MAC Address Notification 10-5 How to Configure Ethernet Switches Configuring VLANsVLANs on the FE Ports 10-6 Configuring Layer 2 Interfaces Switchport mode dynamic desirableVLANs on the GE Port Comand Purpose 10-8 Configuring 802.1x AuthenticationConfiguring Spanning Tree Protocol Configuring MAC Table Manipulation Configuring Cisco Discovery ProtocolPort Security 10-9 Configuring the Switched Port Analyzer Configuring IP Multicast Layer 3 SwitchingConfiguring Igmp Snooping Configuring Per-Port Storm Control Configuring Fallback Bridging 10-11 Managing the Switch 10-12 Configuring PPP over Ethernet with NAT 11-1 Configuration Tasks Configure the Virtual Private Dialup Network Group NumberPPPoE 11-2 Configure the Fast Ethernet WAN Interfaces 11-3 Configure the Dialer Interface 11-4 Ip address negotiated Ip mtu bytes 11-5 Configure Network Address Translation 11-6 Ip nat inside outside No shutdown Exit 11-7 11-8 Configuration Example 11-9 11-10 Verifying Your Configuration 11-11 11-12 Configuring a LAN with Dhcp and VLANs 12-1 12-2 Configure DhcpVLANs Detailed Steps 12-3 Verify Your Dhcp Configuration 12-4 12-5 Configure VLANsVlan ? Assign a Switch Port to a Vlan Switchport access vlan vlan-id EndExample 12-6 Verify Your Vlan Configuration 12-7 12-8 Router# vlan database Router# show vlan-switch 12-9 12-10 Configuring a VPN Using Easy VPN and an IPSec Tunnel 13-1 Cisco Easy VPN Remote, networked usersVPN client-Cisco 819 ISRs VPN server-Easy VPN server Configure the IKE Policy 13-3 Lifetime seconds Exit Configure Group Policy Information Internet Naming Service Wins serversFor the group by using the wins command 13-5 Apply Mode Configuration to the Crypto Map 13-6 13-7 Enable Policy LookupLogin, and specifies the method used 13-8 Configure IPSec Transforms and ProtocolsConfigure the IPSec Crypto Method and Parameters 13-9 13-10 Create an Easy VPN Remote ConfigurationApply the Crypto Map to the Physical Interface Mode client network-extension network extension plus Exit 13-11 13-12 Verifying Your Easy VPN ConfigurationFollowing example verifies your easy vpn connection 13-13 13-14 Configuring the Router from a PC Cisco IOS Software Basic Skills Understanding Command Modes PC Operating System Terminal Emulation Software To exit to user Exec Use this mode to Global Enter the configureUser Exec Begin a session with As interface atm Configuration mode Routing protocol Appropriate Getting HelpRouter Enter one of the router Router rip-from You can now make changes to your router configuration Enable Secret Passwords and Enable PasswordsEntering Global Configuration Mode Using Commands Abbreviating CommandsUndoing Commands Command-Line Error Messages Summary Saving Configuration ChangesWhere to Go Next OL-18906-02 Concepts Network Protocols Protocol Ideal Topology Metric Routing Updates Routing Protocol Options PPP Authentication Protocols Enhanced Igrp Ethernet Chap Dial Backup Backup InterfaceFloating Static Routes Dialer Watch Easy IP Phase QoS IP Precedence PPP Fragmentation and Interleaving Access Lists Low Latency Queuing OL-18906-02 Configure terminal Enters global configuration mode Config-reg Resets the configuration registerROM Monitor Entering the ROM Monitor ROM Monitor Commands Exits global configuration modeReload Prompt increments with each new line Command Description Command DescriptionsDisaster Recovery with Tftp Download Required Variables Tftp Download Command VariablesVariable Command Optional Variables Using the Tftp Download CommandConfigures how the router displays file Examples You will see an output similar to the following Type Embedded AP s Appendix C ROM Monitor Configuration Register Appendix C ROM Monitor Configuration Register Changing the Configuration Register Manually Changing the Configuration Register Using Prompts Command Description Console Download Context-Displays processor context for example Debug CommandsError Reporting Exiting the ROM Monitor Appendix C ROM Monitor Exiting the ROM Monitor Common Port Assignments Port Keyword Description Any private RJE service ISO-Transport Service Access PointProcedure Call Authentication service