Verifying Your Easy VPN Configuration | Cisco Systems C819GUK9

Chapter 13 Configuring a VPN Using Easy VPN and an IPSec Tunnel

Configuration Example

	Command or Action	Purpose

Step 7	crypto ipsec client ezvpn name [outside	Assigns the Cisco Easy VPN remote configuration
	inside]	to the WAN interface, causing the router to
		to the WAN interface, causing the router to
	Example:	automatically create the NAT or port address
	Example:	translation (PAT) and access list configuration
		translation (PAT) and access list configuration
	Router(config-if)# crypto ipsec client	needed for the VPN connection.
	ezvpn ezvpnclient outside
	Router(config-if)#
Step 8
Step 8	exit	Returns to global configuration mode.
	Example:
	Router(config-crypto-ezvpn)# exit
	Router(config)#

Verifying Your Easy VPN Configuration

The following example verifies your easy vpn connection:

Router# show crypto ipsec client ezvpn

Tunnel name :ezvpnclient

Inside interface list:vlan 1

Outside interface:fastethernet 4

Current State:IPSEC_ACTIVE

Last Event:SOCKET_UP

Address:8.0.0.5

Mask:255.255.255.255

Default Domain:cisco.com

Configuration Example

The following configuration example shows a portion of the configuration file for the VPN and IPSec tunnel described in this chapter:

!

aaanew-model

!

aaa authentication login rtr-remote local aaa authorization network rtr-remote local aaa session-id common

!

username Cisco password 0 Cisco

!

crypto isakmp policy 1 encryption 3des authentication pre-share group 2

lifetime 480

!

crypto isakmp client configuration group rtr-remote key secret-password

dns 10.50.10.1 10.60.10.1 domain company.com

pool dynpool

	Cisco 819 Integrated Services Routers Software Configuration Guide
13-12	OL-23590-02

Image 160

Cisco Systems C819GUK9 Verifying Your Easy VPN Configuration, Following example verifies your easy vpn connection, 13-12

Contents

Americas Headquarters Text Part Number OL-23590-02 September 2Page N T E N T S Data Account Provisioning Configuring a Cellular Interface Specifying a Synchronous Serial Interface Create a Cisco Easy VPN Remote Configuration NAT Getting Help TACACS+ OL-23590-02 Product Overview General Description 1shows the Cisco 819HG ISR 3G Features New FeaturesSKU Information Platform Features Wlan FeaturesSecurity Features Wireless Device Overview ScanSafe LEDs Tftp support with Ethernet WAN interfaceColor Description Rssi Router# show controllers cellular Wlan Features Wireless Local Area NetworkDual-Radio CleanAir Technology Images SupportedDynamic Frequency Selection LEDs Wlan LED OL-23590-02 4G LTE Wireless WAN OL-23590-02 Basic Router Configuration Interface Ports Default ConfigurationRouter Interface Port Label Information Needed for Configuration OL-23590-02 Configuring Command-Line Access Line aux console tty vty line-number Password password Login Command Purpose Example Enables password checking at the virtual terminal Session loginExits line configuration mode and returns to Privileged Exec mode Configuring Global Parameters Configuring a Gigabit Ethernet WAN Interface Configuring WAN InterfacesNo shutdown Exit Configuring the Cellular Wireless WAN Interface Example Prerequisites for Configuring the 3G Wireless Interface Restrictions for Configuring the Cellular Wireless Interface Command or Action Purpose Data Account Provisioning Shows the radio signal strength Signal strength, the network security, and so onDetails about the command parameters Displays the cellular gps information 2lists the modem data profile parameters Activation and Provisioning Process CarrierManual Activation Cellular unit cdma activate manual mdn msid msl Cellular cdma activate iota Activating with Over-the-Air Service ProvisioningRouter # cellular 0 cdma activate otasp phonenumber Configuring a Cellular Interface Configuring DDR Interface cellular Dialer string string Enters global configuration mode Enables DDR and configures the specified serialSpecifies the number of the dialer access group to Enters the global configuration mode Specifies the line configuration mode. It is always Specifies a default modem chat scriptExits line configuration mode Configures this line for GSM Examples for Configuring Cellular Wireless Interfaces This section provides the following configuration examples Tunnel over Cellular Interface Configuration Following shows how to configure an HSPA+ modem Configuring Dual SIM for Cellular Networks Command Syntax Description Perform the following commands to manually switch the SIM Following command forces the modem to connect to SIM1Cellular GSM SIM Locks or unlocks the SIM Output When Button Is Pushed Example Output When Button Is Not Pushed ExampleRommon Behavior IOS Behavior Configuring the Fast Ethernet LAN Interfaces Configuring a Loopback InterfacePush Button in Wlan AP Verifying Configuration Router# show interface loopback Configuring Static Routes Another way to verify the loopback interface is to ping it Verifying Configuration Configuring Dynamic RoutesExample Configuring Routing Information Protocol Command TaskRouter rip Version 1 No auto-summary End Configuring Enhanced Interior Gateway Routing Protocol Router eigrp as-number Enters router configuration mode and enables Be applied, using the IP address of the networkEigrp on the router. The autonomous-system Number identifies the route to other Eigrp routers OL-23590-02 Configuring Backup Interfaces Configuring Backup Data Lines and Remote Management819 Yes Enters interface configuration mode for Interface for which you want to configure backupAssigns an interface as the secondary or backup Be configured to back up a serial 0 interface Configuring Cellular Dial-on-Demand Routing Backup Configuring DDR Backup Using Dialer WatchConfigure terminal Dialer watch group group-number Enables dialer watch on the backup interface Do not use the access list permit all command toUsing the chat script command Specifies the interface Configuring DDR Backup Using Floating Static Route No aaa new-model Source-interface Dialer2 Line vty 0 4 login Scheduler max-task-time Webvpn cef end Dial Backup and Remote Management Through the Auxiliary Port Ip name-server server-address Ip dhcp pool name Exit Enters Dhcp pool configuration mode. The name Configure the Dhcp address pool. ForSample commands that you can use in Dhcp Pool configuration mode, see the Example Enters configuration mode for the line interface Switches the port from console to auxiliary port Exits the configure interface modeEnters configuration mode for the auxiliary Enables hardware signal flow control Ppp authentication pap callin PC IP address behind CPE OL-23590-02 Environmental and Power Management Router# show environment Environmental and Power Management Cisco EnergyWise Support Cisco EnergyWise Support Configuring the Serial Interface WAN Concentration Product Number Cable Type Length Connector Type Configuring Serial InterfacesLegacy Protocol Transport Cisco Hdlc Encapsulation Information About Configuring Serial InterfacesPPP Encapsulation Keepalive Timer Multilink PPP Frame Relay Encapsulation How to Configure Serial Interfaces Configuring a Synchronous Serial InterfaceLMI on Frame Relay Interfaces This section contains the following tasks Specifying a Synchronous Serial Interface Configures synchronous serial encapsulationSpecifying Synchronous Serial Encapsulation Configures an Sdlc interface for half-duplex mode Configuring PPPSignals Configuring Compression of Hdlc Data Using the Nrzi Line-Coding FormatEncapsulation hdlc Compress stac Nrzi-encoding Inverting the Transmit Clock Signal Enabling the Internal ClockTransmit-clock-internal Invert txclock Invert rxclock Configuring DTR Signal Pulsing Setting Transmit DelayIgnoring DCD and Monitoring DSR as Line Up/Down Indicator Dce-terminal-timing enable Configures the DCE to use Scte from the DTESpecifying the Serial Network Interface Module Timing Ignore-dcd Specifies timing configuration to invert TXC clock Dte-invert-txc Configuring Low-Speed Serial Interfaces Understanding Half-Duplex DTE and DCE State Machines Half-Duplex DCE State Machines Half-Duplex DCE Transmit State Machine No half-duplex controlled-carrier Constant-carrier modePlaces a low-speed serial interface Changing Between Synchronous and Asynchronous Modes Sdlc cts-delay Sdlc rts-timeoutPhysical-layer sync async Configuration Examples Interface Enablement Configuration ExamplesReturns the interface to its default mode, which is No physical-layer Half-Duplex Timers Example Synchronous or Asynchronous Mode ExamplesLow-Speed Serial Interface Examples Configuring Security Features Authentication, Authorization, and Accounting Configuring AutoSecure Configuring Access ListsConfiguration Commands ACL Type Configuring Cisco IOS Firewall Access Groups Configuring VPN Configuring Cisco IOS IPSURL Filtering Remote Access VPN Site-to-Site VPN Branch office containing multiple LANs and VLANsVPN client-Cisco 819 ISR Corporate office network Configure a VPN over an IPSec Tunnel Configuration ExamplesConfigure the IKE Policy Command or Action Purpose Configure Group Policy Information Domain name Exit Apply Mode Configuration to the Crypto Map Exits IKE group policy configuration modeFor details about this command and additional Specifies a local address pool for the group Enable Policy Lookup Configure the IPSec Crypto Method and Parameters Configure IPSec Transforms and ProtocolsCrypto ipsec profile profile-name See Cisco IOS Security Command Reference for Apply the Crypto Map to the Physical Interface Where to Go NextCrypto map map-name Exit Crypto ipsec client ezvpn name Create a Cisco Easy VPN Remote ConfigurationCrypto ipsec client ezvpn name outside inside Exit Configuration Example Configure a Site-to-Site GRE Tunnel Creates a tunnel interface and enters interface Returns to global configuration mode No cdp run Configuring the Ethernet Switches Switch Port Numbering and NamingRestrictions for the FE Switch 10-1 Information About Ethernet Switches Switched Port Analyzer Overview of Snmp MIBsIgmp Snooping Storm Control BRIDGE-MIB for Layer 2 Ethernet Switching Routerconfig#snmp-server community public RWMIBs MIBs Link 10-4 MAC Address Notification 10-5 How to Configure Ethernet Switches Configuring VLANsVLANs on the FE Ports 10-6 Configuring Layer 2 Interfaces Switchport mode dynamic desirableVLANs on the GE Port Comand Purpose Configuring Spanning Tree Protocol Configuring 802.1x Authentication10-8 Configuring MAC Table Manipulation Configuring Cisco Discovery ProtocolPort Security 10-9 Configuring the Switched Port Analyzer Configuring IP Multicast Layer 3 SwitchingConfiguring Igmp Snooping Configuring Per-Port Storm Control Configuring Fallback Bridging 10-11 Managing the Switch 10-12 Configuring PPP over Ethernet with NAT 11-1 Configuration Tasks Configure the Virtual Private Dialup Network Group NumberPPPoE 11-2 Configure the Fast Ethernet WAN Interfaces 11-3 Configure the Dialer Interface 11-4 Ip address negotiated Ip mtu bytes 11-5 Configure Network Address Translation 11-6 Ip nat inside outside No shutdown Exit 11-7 11-8 Configuration Example 11-9 11-10 Verifying Your Configuration 11-11 11-12 Configuring a LAN with Dhcp and VLANs 12-1 VLANs Configure Dhcp12-2 Detailed Steps 12-3 Verify Your Dhcp Configuration 12-4 Vlan ? Configure VLANs12-5 Assign a Switch Port to a Vlan Switchport access vlan vlan-id EndExample 12-6 Verify Your Vlan Configuration 12-7 12-8 Router# vlan database Router# show vlan-switch 12-9 12-10 Configuring a VPN Using Easy VPN and an IPSec Tunnel 13-1 Cisco Easy VPN Remote, networked usersVPN client-Cisco 819 ISRs VPN server-Easy VPN server Configure the IKE Policy 13-3 Lifetime seconds Exit Configure Group Policy Information Internet Naming Service Wins serversFor the group by using the wins command 13-5 Apply Mode Configuration to the Crypto Map 13-6 Login, and specifies the method used Enable Policy Lookup13-7 Configure the IPSec Crypto Method and Parameters Configure IPSec Transforms and Protocols13-8 13-9 Apply the Crypto Map to the Physical Interface Create an Easy VPN Remote Configuration13-10 Mode client network-extension network extension plus Exit 13-11 Following example verifies your easy vpn connection Verifying Your Easy VPN Configuration13-12 13-13 13-14 Configuring the Router from a PC Cisco IOS Software Basic Skills Understanding Command Modes PC Operating System Terminal Emulation Software To exit to user Exec Use this mode to Global Enter the configureUser Exec Begin a session with As interface atm Configuration mode Routing protocol Appropriate Getting HelpRouter Enter one of the router Router rip-from Entering Global Configuration Mode Enable Secret Passwords and Enable PasswordsYou can now make changes to your router configuration Using Commands Abbreviating CommandsUndoing Commands Command-Line Error Messages Where to Go Next Saving Configuration ChangesSummary OL-18906-02 Concepts Network Protocols Protocol Ideal Topology Metric Routing Updates Routing Protocol Options PPP Authentication Protocols Enhanced Igrp Ethernet Chap Dial Backup Backup InterfaceFloating Static Routes Dialer Watch Easy IP Phase QoS IP Precedence PPP Fragmentation and Interleaving Access Lists Low Latency Queuing OL-18906-02 Configure terminal Enters global configuration mode Config-reg Resets the configuration registerROM Monitor Entering the ROM Monitor ROM Monitor Commands Exits global configuration modeReload Prompt increments with each new line Disaster Recovery with Tftp Download Command DescriptionsCommand Description Variable Command Tftp Download Command VariablesRequired Variables Configures how the router displays file Using the Tftp Download CommandOptional Variables Examples You will see an output similar to the following Type Embedded AP s Appendix C ROM Monitor Configuration Register Appendix C ROM Monitor Configuration Register Changing the Configuration Register Manually Changing the Configuration Register Using Prompts Command Description Console Download Error Reporting Debug CommandsContext-Displays processor context for example Exiting the ROM Monitor Appendix C ROM Monitor Exiting the ROM Monitor Common Port Assignments Port Keyword Description Any private RJE service ISO-Transport Service Access PointProcedure Call Authentication service