Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel

Enable Policy Lookup

Perform these steps to enable policy lookup through AAA, beginning in global configuration mode:

 

Step 1

Command or Action: aaa new-model

Purpose: Enables the AAA access control model.

Example:

Router(config)# aaa new-model
Router(config)#

Step 2

Command or Action: aaa authentication login {default | list-name} method1 [method2...]

Purpose: Specifies AAA authentication of selected users at login, and specifies the method used. This example uses a local authentication database. You could also use a RADIUS server for this. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference.

Example:

Router(config)# aaa authentication login rtr-remote local
Router(config)#

Step 3

Command or Action: aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]

Purpose: Specifies AAA authorization of all network-related service requests, including PPP, and specifies the method of authorization. This example uses a local authorization database. You could also use a RADIUS server for this. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference.

Example:

Router(config)# aaa authorization network rtr-remote local
Router(config)#

Step 4

Command or Action: username name {nopassword | password password | password encryption-type encrypted-password}

Purpose: Establishes a username-based authentication system. This example implements a username of Cisco with an encrypted password of Cisco.

Example:

Router(config)# username Cisco password 0 Cisco
Router(config)#
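
The following is an added example, not part of the Cisco guide: a Python check that a saved configuration contains the commands from Steps 1 through 4 and reports how each local username stores its password. The function name, finding codes and sample configuration are constructed for illustration; the check relies on IOS treating password type 0 as unencrypted and type 7 as a reversible encoding.

```python
# Constructed sample: the four example commands from Steps 1-4 as they would
# sit in a saved configuration (not captured from a real router).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
username Cisco password 0 Cisco
"""

def audit_policy_lookup(config):
    """Return (code, detail) findings for the AAA policy-lookup steps."""
    rows = [ln.split() for ln in config.splitlines() if ln.strip()]
    findings = []
    if ["aaa", "new-model"] not in rows:
        findings.append(("NO_AAA_NEW_MODEL", "step 1"))
    # Method lists keyed by list name, e.g. {"rtr-remote": ["local"]}.
    authn = {r[3]: r[4:] for r in rows
             if r[:3] == ["aaa", "authentication", "login"] and len(r) > 4}
    authz = {r[3]: r[4:] for r in rows
             if r[:3] == ["aaa", "authorization", "network"] and len(r) > 4}
    if not authn:
        findings.append(("NO_LOGIN_LIST", "step 2"))
    if not authz:
        findings.append(("NO_NETWORK_AUTHZ_LIST", "step 3"))
    users = [r for r in rows if r[0] == "username" and len(r) > 2]
    # A login list that names "local" needs at least one username entry.
    for name, methods in authn.items():
        if "local" in methods and not users:
            findings.append(("LOCAL_DB_EMPTY", name))
    for r in users:
        user, kind = r[1], r[2]
        if kind == "nopassword":
            findings.append(("NO_PASSWORD", user))
        elif kind == "password":
            # "password <type> <value>": type 0 (or no type) is cleartext,
            # type 7 is a reversible encoding, not a hash.
            typed = len(r) > 4 and r[3].isdigit()
            enc = r[3] if typed else "0"
            value = r[4] if typed else r[3] if len(r) > 3 else ""
            if enc == "0":
                findings.append(("CLEARTEXT_PASSWORD", user))
                if value == user:
                    findings.append(("PASSWORD_EQUALS_USERNAME", user))
            elif enc == "7":
                findings.append(("REVERSIBLE_PASSWORD", user))
    return findings

if __name__ == "__main__":
    for code, detail in audit_policy_lookup(SAMPLE_CONFIG):
        print(code, detail)
```

Run against the sample, the check reports the Step 4 account twice: once for the type 0 password and once because the password matches the username.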

 

 

 

 

Configure IPSec Transforms and Protocols

A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow.

During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at both peers. When such a transform set is found, it is selected and applied to the protected traffic as a part of both peers’ configurations.

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

OL-6426-02

 

 
