Apply Mode Configuration to the Crypto Map | Cisco Systems C819GUK9

Chapter 13 Configuring a VPN Using Easy VPN and an IPSec Tunnel

Configuration Tasks

	Command or Action		Purpose
Step 5
Step 5	exit		Exits IKE group policy configuration mode and
	Example:		enters global configuration mode.
	Example:
	Router(config-isakmp-group)# exit
	Router(config)#
Step 6
Step 6	ip local pool {default poolname}		Specifies a local address pool for the group.
	[low-ip-address [high-ip-address]]		For details about this command and additional
			For details about this command and additional
	Example:		parameters that can be set, see Cisco IOS Dial
	Example:		Technologies Command Reference.
	Router(config)# ip local pool dynpool		Technologies Command Reference.
	Router(config)# ip local pool dynpool
	30.30.30.20	30.30.30.30
	Router(config)#

Apply Mode Configuration to the Crypto Map

Perform these steps to apply mode configuration to the crypto map, beginning in global configuration mode:

SUMMARY STEPS

1.crypto map map-nameisakmp authorization list list-name

2.crypto map tag client configuration address [initiate respond]

DETAILED STEPS

	Command or Action	Purpose
Step 1
Step 1	crypto map map-nameisakmp authorization	Applies mode configuration to the crypto map and
	list list-name	enables key lookup (IKE queries) for the group
	Example:	policy from an authentication, authorization, and
	Example:	accounting (AAA) server.
		accounting (AAA) server.
	Router(config)# crypto map dynmap isakmp
	authorization list rtr-remote
	Router(config)#
Step 2
Step 2	crypto map tag client configuration address	Configures the router to reply to mode
	[initiate respond]	configuration requests from remote clients.
	Example:
	Router(config)# crypto map dynmap client
	configuration address respond
	Router(config)#

	Cisco 819 Integrated Services Routers Software Configuration Guide
13-6	OL-23590-02

Image 154

Cisco Systems C819GUK9, C819HG4GVK9 manual Apply Mode Configuration to the Crypto Map, 13-6

Contents

Americas Headquarters Text Part Number OL-23590-02 September 2Page N T E N T S Data Account Provisioning Configuring a Cellular Interface Specifying a Synchronous Serial Interface Create a Cisco Easy VPN Remote Configuration NAT Getting Help TACACS+ OL-23590-02 Product Overview General Description 1shows the Cisco 819HG ISR 3G Features New FeaturesSKU Information Platform Features Wlan FeaturesSecurity Features Wireless Device Overview ScanSafe LEDs Tftp support with Ethernet WAN interfaceColor Description Rssi Router# show controllers cellular Wlan Features Wireless Local Area NetworkDual-Radio Dynamic Frequency Selection CleanAir TechnologyImages Supported LEDs Wlan LED OL-23590-02 4G LTE Wireless WAN OL-23590-02 Basic Router Configuration Interface Ports Default ConfigurationRouter Interface Port Label Information Needed for Configuration OL-23590-02 Configuring Command-Line Access Line aux console tty vty line-number Password password Login Command Purpose Example Exits line configuration mode and returns to Enables password checking at the virtual terminalSession login Privileged Exec mode Configuring Global Parameters Configuring a Gigabit Ethernet WAN Interface Configuring WAN InterfacesNo shutdown Exit Configuring the Cellular Wireless WAN Interface Example Prerequisites for Configuring the 3G Wireless Interface Restrictions for Configuring the Cellular Wireless Interface Command or Action Purpose Data Account Provisioning Details about the command parameters Shows the radio signal strengthSignal strength, the network security, and so on Displays the cellular gps information Manual Activation 2lists the modem data profile parametersActivation and Provisioning Process Carrier Cellular unit cdma activate manual mdn msid msl Cellular cdma activate iota Activating with Over-the-Air Service ProvisioningRouter # cellular 0 cdma activate otasp phonenumber Configuring a Cellular Interface Configuring DDR Interface cellular Dialer string string Specifies the number of the dialer access group to Enters global configuration modeEnables DDR and configures the specified serial Enters the global configuration mode Exits line configuration mode Specifies the line configuration mode. It is alwaysSpecifies a default modem chat script Configures this line for GSM Examples for Configuring Cellular Wireless Interfaces This section provides the following configuration examples Tunnel over Cellular Interface Configuration Following shows how to configure an HSPA+ modem Configuring Dual SIM for Cellular Networks Command Syntax Description Cellular GSM SIM Perform the following commands to manually switch the SIMFollowing command forces the modem to connect to SIM1 Locks or unlocks the SIM Output When Button Is Pushed Example Output When Button Is Not Pushed ExampleRommon Behavior IOS Behavior Configuring the Fast Ethernet LAN Interfaces Configuring a Loopback InterfacePush Button in Wlan AP Verifying Configuration Router# show interface loopback Configuring Static Routes Another way to verify the loopback interface is to ping it Verifying Configuration Configuring Dynamic RoutesExample Router rip Version 1 Configuring Routing Information ProtocolCommand Task No auto-summary End Configuring Enhanced Interior Gateway Routing Protocol Router eigrp as-number Eigrp on the router. The autonomous-system Enters router configuration mode and enablesBe applied, using the IP address of the network Number identifies the route to other Eigrp routers OL-23590-02 Configuring Backup Interfaces Configuring Backup Data Lines and Remote Management819 Yes Assigns an interface as the secondary or backup Enters interface configuration mode forInterface for which you want to configure backup Be configured to back up a serial 0 interface Configure terminal Configuring Cellular Dial-on-Demand Routing BackupConfiguring DDR Backup Using Dialer Watch Dialer watch group group-number Using the chat script command Enables dialer watch on the backup interfaceDo not use the access list permit all command to Specifies the interface Configuring DDR Backup Using Floating Static Route No aaa new-model Source-interface Dialer2 Line vty 0 4 login Scheduler max-task-time Webvpn cef end Dial Backup and Remote Management Through the Auxiliary Port Ip name-server server-address Ip dhcp pool name Exit Sample commands that you can use in Dhcp Enters Dhcp pool configuration mode. The nameConfigure the Dhcp address pool. For Pool configuration mode, see the Example Enters configuration mode for the line interface Enters configuration mode for the auxiliary Switches the port from console to auxiliary portExits the configure interface mode Enables hardware signal flow control Ppp authentication pap callin PC IP address behind CPE OL-23590-02 Environmental and Power Management Router# show environment Environmental and Power Management Cisco EnergyWise Support Cisco EnergyWise Support Configuring the Serial Interface WAN Concentration Product Number Cable Type Length Connector Type Configuring Serial InterfacesLegacy Protocol Transport Cisco Hdlc Encapsulation Information About Configuring Serial InterfacesPPP Encapsulation Keepalive Timer Multilink PPP Frame Relay Encapsulation LMI on Frame Relay Interfaces How to Configure Serial InterfacesConfiguring a Synchronous Serial Interface This section contains the following tasks Specifying a Synchronous Serial Interface Configures synchronous serial encapsulationSpecifying Synchronous Serial Encapsulation Configures an Sdlc interface for half-duplex mode Configuring PPPSignals Encapsulation hdlc Compress stac Configuring Compression of Hdlc DataUsing the Nrzi Line-Coding Format Nrzi-encoding Transmit-clock-internal Inverting the Transmit Clock SignalEnabling the Internal Clock Invert txclock Invert rxclock Configuring DTR Signal Pulsing Setting Transmit DelayIgnoring DCD and Monitoring DSR as Line Up/Down Indicator Specifying the Serial Network Interface Module Timing Dce-terminal-timing enableConfigures the DCE to use Scte from the DTE Ignore-dcd Specifies timing configuration to invert TXC clock Dte-invert-txc Configuring Low-Speed Serial Interfaces Understanding Half-Duplex DTE and DCE State Machines Half-Duplex DCE State Machines Half-Duplex DCE Transmit State Machine No half-duplex controlled-carrier Constant-carrier modePlaces a low-speed serial interface Changing Between Synchronous and Asynchronous Modes Sdlc cts-delay Sdlc rts-timeoutPhysical-layer sync async Returns the interface to its default mode, which is Configuration ExamplesInterface Enablement Configuration Examples No physical-layer Half-Duplex Timers Example Synchronous or Asynchronous Mode ExamplesLow-Speed Serial Interface Examples Configuring Security Features Authentication, Authorization, and Accounting Configuration Commands Configuring AutoSecureConfiguring Access Lists ACL Type Configuring Cisco IOS Firewall Access Groups Configuring VPN Configuring Cisco IOS IPSURL Filtering Remote Access VPN VPN client-Cisco 819 ISR Site-to-Site VPNBranch office containing multiple LANs and VLANs Corporate office network Configure a VPN over an IPSec Tunnel Configuration ExamplesConfigure the IKE Policy Command or Action Purpose Configure Group Policy Information Domain name Exit For details about this command and additional Apply Mode Configuration to the Crypto MapExits IKE group policy configuration mode Specifies a local address pool for the group Enable Policy Lookup Configure the IPSec Crypto Method and Parameters Configure IPSec Transforms and ProtocolsCrypto ipsec profile profile-name See Cisco IOS Security Command Reference for Apply the Crypto Map to the Physical Interface Where to Go NextCrypto map map-name Exit Crypto ipsec client ezvpn name Create a Cisco Easy VPN Remote ConfigurationCrypto ipsec client ezvpn name outside inside Exit Configuration Example Configure a Site-to-Site GRE Tunnel Creates a tunnel interface and enters interface Returns to global configuration mode No cdp run Restrictions for the FE Switch Configuring the Ethernet SwitchesSwitch Port Numbering and Naming 10-1 Information About Ethernet Switches Igmp Snooping Switched Port AnalyzerOverview of Snmp MIBs Storm Control MIBs MIBs Link BRIDGE-MIB for Layer 2 Ethernet SwitchingRouterconfig#snmp-server community public RW 10-4 MAC Address Notification 10-5 VLANs on the FE Ports How to Configure Ethernet SwitchesConfiguring VLANs 10-6 VLANs on the GE Port Configuring Layer 2 InterfacesSwitchport mode dynamic desirable Comand Purpose Configuring Spanning Tree Protocol Configuring 802.1x Authentication10-8 Port Security Configuring MAC Table ManipulationConfiguring Cisco Discovery Protocol 10-9 Configuring Igmp Snooping Configuring the Switched Port AnalyzerConfiguring IP Multicast Layer 3 Switching Configuring Per-Port Storm Control Configuring Fallback Bridging 10-11 Managing the Switch 10-12 Configuring PPP over Ethernet with NAT 11-1 PPPoE Configuration TasksConfigure the Virtual Private Dialup Network Group Number 11-2 Configure the Fast Ethernet WAN Interfaces 11-3 Configure the Dialer Interface 11-4 Ip address negotiated Ip mtu bytes 11-5 Configure Network Address Translation 11-6 Ip nat inside outside No shutdown Exit 11-7 11-8 Configuration Example 11-9 11-10 Verifying Your Configuration 11-11 11-12 Configuring a LAN with Dhcp and VLANs 12-1 VLANs Configure Dhcp12-2 Detailed Steps 12-3 Verify Your Dhcp Configuration 12-4 Vlan ? Configure VLANs12-5 Example Assign a Switch Port to a VlanSwitchport access vlan vlan-id End 12-6 Verify Your Vlan Configuration 12-7 12-8 Router# vlan database Router# show vlan-switch 12-9 12-10 Configuring a VPN Using Easy VPN and an IPSec Tunnel 13-1 VPN client-Cisco 819 ISRs Cisco Easy VPNRemote, networked users VPN server-Easy VPN server Configure the IKE Policy 13-3 Lifetime seconds Exit For the group by using the wins command Configure Group Policy InformationInternet Naming Service Wins servers 13-5 Apply Mode Configuration to the Crypto Map 13-6 Login, and specifies the method used Enable Policy Lookup13-7 Configure the IPSec Crypto Method and Parameters Configure IPSec Transforms and Protocols13-8 13-9 Apply the Crypto Map to the Physical Interface Create an Easy VPN Remote Configuration13-10 Mode client network-extension network extension plus Exit 13-11 Following example verifies your easy vpn connection Verifying Your Easy VPN Configuration13-12 13-13 13-14 Configuring the Router from a PC Cisco IOS Software Basic Skills Understanding Command Modes PC Operating System Terminal Emulation Software User Exec Begin a session with To exit to user Exec Use this mode toGlobal Enter the configure As interface atm Router Enter one of the router Configuration mode Routing protocol AppropriateGetting Help Router rip-from Entering Global Configuration Mode Enable Secret Passwords and Enable PasswordsYou can now make changes to your router configuration Undoing Commands Using CommandsAbbreviating Commands Command-Line Error Messages Where to Go Next Saving Configuration ChangesSummary OL-18906-02 Concepts Network Protocols Protocol Ideal Topology Metric Routing Updates Routing Protocol Options PPP Authentication Protocols Enhanced Igrp Ethernet Chap Floating Static Routes Dial BackupBackup Interface Dialer Watch Easy IP Phase QoS IP Precedence PPP Fragmentation and Interleaving Access Lists Low Latency Queuing OL-18906-02 ROM Monitor Configure terminal Enters global configuration modeConfig-reg Resets the configuration register Entering the ROM Monitor Reload ROM Monitor CommandsExits global configuration mode Prompt increments with each new line Disaster Recovery with Tftp Download Command DescriptionsCommand Description Variable Command Tftp Download Command VariablesRequired Variables Configures how the router displays file Using the Tftp Download CommandOptional Variables Examples You will see an output similar to the following Type Embedded AP s Appendix C ROM Monitor Configuration Register Appendix C ROM Monitor Configuration Register Changing the Configuration Register Manually Changing the Configuration Register Using Prompts Command Description Console Download Error Reporting Debug CommandsContext-Displays processor context for example Exiting the ROM Monitor Appendix C ROM Monitor Exiting the ROM Monitor Common Port Assignments Port Keyword Description Procedure Call Any private RJE serviceISO-Transport Service Access Point Authentication service