Manuals / Cisco Systems / Power Tools / Saw

Cisco Systems OL-6426-02 manual Configure Group Policy Information, Group 1 2, Lifetime seconds

Models: OL-6426-02

1 196

Download 196 pages 47.1 Kb

Page 88

Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation

Configure a VPN

BETA DRAFT - CISCO CONFIDENTIAL

	Command or Action	Purpose
Step 5
Step 5	group {1 2 5}	Specifies the Diffie-Hellman group to be used in
		the IKE policy.
	Example:
	Router(config-isakmp)# group 2
	Router(config-isakmp)#
Step 6
Step 6	lifetime seconds	Specifies the lifetime, 60–86400 seconds, for an
		IKE security association (SA).
	Example:
	Router(config-isakmp)# lifetime 480
	Router(config-isakmp)#
Step 7
Step 7	exit	Exits IKE policy configuration mode, and enters
		global configuration mode.
	Example:
	Router(config-isakmp)# exit
	Router(config)#

Configure Group Policy Information

Perform these steps to configure the group policy, beginning in global configuration mode:

	Command or Action	Purpose
Step 1
Step 1	crypto isakmp client configuration group	Creates an IKE policy group that contains
	{group-name default}	attributes to be downloaded to the remote client.
	Example:	Also enters Internet Security Association Key
	Example:	Management Protocol (ISAKMP) policy
		Management Protocol (ISAKMP) policy
	Router(config)# crypto isakmp client	configuration mode.
	configuration group rtr-remote
	Router(config-isakmp-group)#
Step 2
Step 2	key name	Specifies the IKE pre-shared key for the group
		policy.
	Example:
	Router(config-isakmp-group)# key
	secret-password
	Router(config-isakmp-group)#
Step 3
Step 3	dns primary-server	Specifies the primary Domain Name Service
		(DNS) server for the group.
	Example:	Note You may also want to specify Windows
		Note You may also want to specify Windows
	Router(config-isakmp-group)# dns 10.50.10.1	Internet Naming Service (WINS) servers
	Router(config-isakmp-group)#	for the group by using the wins command.
		for the group by using the wins command.

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

7-4	OL-6426-02

Image 88

Cisco Systems OL-6426-02 manual Configure Group Policy Information, Group 1 2, Lifetime seconds

Contents

Cisco Systems, Inc Page N T E N T S Configuring Your Router for Ethernet and DSL Access 802.1x Authentication Configure the IPSec Crypto Method and Parameters Configuring Backup Interfaces Chap Configuration Register C-6 OL-6426-02 Preface AudienceChapter Title Description OrganizationVPN Command Conventions ConventionsConvention Description BoldfaceObtaining Documentation Related DocumentsCisco.com Documentation Feedback Cisco Product Security OverviewDocumentation DVD Ordering DocumentationReporting Security Problems in Cisco Products Obtaining Technical AssistanceCisco Technical Support Website An emergency, you can also reach Psirt by telephone 877 408Submitting a Service Request Definitions of Service Request SeverityObtaining Additional Publications and Information Getting Started Page Interface Port Labels Basic Router ConfigurationRouter Interface Port Label Viewing the Default Configuration ADSLoISDNATM WAN Shdsl USB ModemExample 1-1 Cisco 1812 Default Configuration on Startup Information Needed for Configuration Configuring Basic Parameters To configure the router, perform one or more of these tasksConfigure Global Parameters Configure Fast Ethernet LAN InterfacesCommand Purpose ExampleConfigure WAN Interfaces Configure the Fast Ethernet WAN InterfaceConfigure the ATM WAN Interface Mode atm ExitController dsl No shutdownConfiguring a Loopback Interface Configure the Wireless InterfaceConfiguration Example Configuring Command-Line Access to the Router Verifying Your ConfigurationPassword password Line aux console tty vty line-numberExec-timeout minutes seconds LoginEnd Configuring Static Routes Exits router configuration mode, and entersPrivileged Exec mode Parameters that can be set, see the Cisco IOS IPConfiguration Example Configuring Dynamic RoutesVerifying Your Configuration Configuring RIP Command TaskRouter rip Version 1Configuring Enhanced Igrp Enters router configuration mode, and enablesEigrp on the router. The autonomous-system Number identifies the route to other Eigrp routersRouterconfig# network Be applied, using the IP address of the networkSpecifies a list of networks on which Eigrp is to Configuring Your Router for Ethernet and DSL Access Page For Ethernet-Based Network Deployments Sample Network DeploymentsFor DSL-Based Network Deployments OL-6426-02 Configuring PPP over Ethernet with NAT Configuration Tasks Command or Action PurposeVpdn enable PPPoEConfigure the Fast Ethernet WAN Interfaces Request-dialinInitiate to ip ip-address Protocol l2f l2tp pppoe anyCisco 1800 integrated services routers have These steps to configure one or both of themConfigures the PPPoE client and specifies Enables the Fast Ethernet interfaceConfigure the Dialer Interface Using a dialer group controls access to Exits the dialer 0 interface configurationAssigns the dialer interface to a dialer group Your routerConfigure Network Address Translation Ip nat inside outside Access-list access-list-number deny permitSource source-wildcard Configuration Example Router# show ip nat statistics Configuring PPP over ATM with NAT PPP over ATM with NATPPPoA Sets the PPP authentication method Authentication Protocol ChapSpecifies that the IP address for the dialer Interface is obtained through PPP/IPCP IPCommand Reference, Volume 1 of 4 Routing Configure the ATM WAN Interface Configuring Adsl Configure DSL Signaling ProtocolAttribute Description Default Value Verify the Configuration Configuring ShdslDsl lom integer Dsl enable-training-log Wire Line-mode 4-wire enhanced 4-wire standardIgnore-error-duration number Configure Network Address Translation Enables the configuration changes just made to About enabling static translation, see the CiscoFE2-FE9 reside to be the inside interface For NATStatic translation, see the Cisco IOS IP Command Exits configuration mode for the ATM interfaceDefines a standard access list permitting addresses Identifies the specified WAN interface as the NATATM0 Vlan Configuring a LAN with Dhcp and VLANsVLANs Configure Dhcp Default-router address address2 ...address8 Import allDns-server address address2 ...address8 Domain-name domainRouter# show ip dhcp import Verify Your Dhcp ConfigurationIp dhcp pool Configure VLANs Verify Your Vlan ConfigurationVlan ? ExampleRouter# show vlan-switch VlanSwitch Port Configurations 802.1x Authentication Vlan Trunking Protocol VTPMaximum Switched Virtual Interfaces SVIs Switched Port Analyzer SpanIP Multicast Switching Layer 2 InterfacesPer-Port Storm Control Fallback BridgingSeparate Voice and Data Subnets Igmp SnoopingConfiguring a VPN Using Easy VPN and an IPSec Tunnel InternetCisco Easy VPN Configure the IKE Policy Configure Group Policy Information Crypto isakmp client configuration groupGroup-name default Key nameApply Mode Configuration to the Crypto Map Ip local pool default poolnameEnable Policy Lookup Configure IPSec Transforms and ProtocolsConfigure the IPSec Crypto Method and Parameters Apply the Crypto Map to the Physical Interface Reverse-routeCrypto map map-name seq-num ipsec-isakmp Dynamic dynamic-map-name discoverCreate an Easy VPN Remote Configuration Crypto map map-nameVerifying Your Easy VPN Configuration Crypto ipsec client ezvpn name outside insideCrypto ipsec client ezvpn ezvpnclient connect auto Beta Draft Cisco Confidential Site-to-Site VPN Using an IPSec Tunnel and GRE GRE Tunnels VPNsConfigure a VPN Configure the IKE PolicyAlso enters Internet Security Association Key Example uses 168-bit Data EncryptionGroup 1 2 Configure Group Policy InformationLifetime seconds Enable Policy Lookup Exits IKE group policy configuration mode,Enters global configuration mode Specifies group domain membershipConfigure IPSec Transforms and Protocols Method used to do soSpecifies global lifetime values used when Negotiating IPSec security associationsConfigure the IPSec Crypto Method and Parameters Creates a dynamic crypto map entry, and entersCreates source proxy information for the crypto Map entryConfigure a GRE Tunnel Apply the Crypto Map to the Physical InterfaceMap Applies the crypto map to the interfaceTunnel interface must be configured to Exits interface configuration mode, and returns toEnters ACL configuration mode for the named Access-list-name ACL that is used by the crypto mapConfiguration Example Ip nat outside no cdp enable Beta Draft Cisco Confidential Configuring a Simple Firewall Router with Firewall ConfiguredSeries integrated services router, respectively Fast Ethernet LAN interface the inside interface for NATProtected network Unprotected networkConfigure Access Lists Configure Inspection RulesCreates an access list which prevents Internet Details about this commandAssigns the set of firewall inspection rules to Apply Access Lists and Inspection Rules to InterfacesInside interface on the router Configuring a Simple Firewall Configuration Example Beta Draft Cisco Confidential Configuring a Wireless LAN Connection 1shows a wireless network deploymentConfiguring a Wireless LAN Connection Configure the Root Radio Station Sets the permitted authentication methods for a User attempting access to the wireless LANExits Ssid configuration mode, and enters Interface configuration mode for the wirelessConfigure Bridging on VLANs Station-role repeater rootBridge number crb irb mac-address-table Bridge-group numberEnables Ieee 802.1q encapsulation on Configure Radio Station SubinterfacesSpecified subinterface Exits subinterface configuration mode, Assigns a bridge group to the subinterfaceNo bridge-group 3 unicast-flooding Interface Vlan1 Router# show running-config Sample Configuration10-1 10-2 Ip dhcp pool vlan310-3 10-4 10-5 10-6 Additional Configuration Options 11-111-2 Configuring Additional Features and Troubleshooting Page Authentication, Authorization, and Accounting Configuring Security Features12-1 Configuring AutoSecure Configuring Access ListsConfiguration Commands ACL TypeConfiguring a Cbac Firewall Access GroupsGuidelines for Creating Access Groups Ip access-group number name in outConfiguring VPNs Configuring Cisco IOS Firewall IDS12-4 Configuring Dial Backup and Remote Management Dial Backup Feature Activation MethodsBackup Interfaces 13-1Floating Static Routes Configuring Backup Interfaces13-2 Enables RIP routing Configuring Floating Static Routes13-3 Configuring Dialer Watch Dialer WatchSpecifies the group number for the watch list 13-4Dial Backup Type Possible? Dial Backup Method Limitations Dial Backup Feature Limitations13-5 13-6 13-7 Example 13-3 Configuring Dial Backup Using Dialer Watch 13-8Configure Isdn Settings 13-913-10 Access-group Ip address negotiatedDialer pool number Dialer-group group-numberFor your Cisco router during the ATM network downtime Configure the Aggregator and Isdn Peer Router13-12 Asynchronous Interface Configuration 13-1313-14 Line Configuration 13-1513-16 Troubleshooting Getting StartedBefore Contacting Cisco or Your Reseller 14-1Adsl Troubleshooting Shdsl TroubleshootingPortFast Troubleshooting 14-2ATM Troubleshooting Commands Ping atm interface CommandShow interface Command 14-3Output Cause Shutdown command14-4 14-5 Show atm interface CommandRouter# show atm interface atm Debug atm Commands Guidelines for Using Debug CommandsDebug atm errors Command Field DescriptionDebug atm events Command Router# debug atm errors ATM errors debugging is on Router#14-7 Router# debug atm events Router#Debug atm packet Command Where the keywords are defined as followsOptional ATM interface or subinterface number Example 14-7shows a sample outputSoftware Upgrade Methods Recovering a Lost PasswordATM0 14-914-10 Change the Configuration RegisterRouter# show version Reset the Router Router# show startup-configPress Return. The following prompt appears Prompt changes to the privileged Exec promptReset the Configuration Register Value Reset the Password and Save Your Changes14-12 Managing Your Router with SDM 14-1314-14 Reference Information Page Configuring the Router from a PC One of the configuration topic chapters in this guideCisco IOS Software Basic Skills PC Operating System SoftwareUnderstanding Command Modes As interface atm ExecCtrl-Z Configuration mode Routing protocol Appropriate Getting HelpRouter Enter one of the router Router rip, fromEntering Global Configuration Mode Enable Secret Passwords and Enable PasswordsYou can now make changes to your router configuration Using Commands Abbreviating CommandsUndoing Commands Command-Line Error MessagesWhere to Go Next Saving Configuration ChangesSummary OL-6426-02 Concepts AdslNetwork Protocols Routing Protocol OptionsPPP Authentication Protocols Protocol Ideal Topology Metric Routing UpdatesEnhanced Igrp RIPPAP Network Interfaces EthernetBackup Interface Dial BackupDialer Interface NAT Easy IP Phase IP Precedence QoSPPP Fragmentation and Interleaving Cbwfq Low Latency QueuingAccess Lists OL-6426-02 Enable Config-regResets the configuration register ROM MonitorROM Monitor Commands Exits global configuration modeReload Descriptions section in this appendixCommand Descriptions Disaster Recovery with Tftp DownloadTftp Download Command Variables Command DescriptionRequired Variables Variable CommandOptional Variables Using the Tftp Download Command TFTPTIMEOUT= timeTFTPCHECKSUM= setting RetrytimesConfiguration Register Changing the Configuration Register ManuallyChanging the Configuration Register Using Prompts Rommon 1 confregCommand Description Console DownloadDebug Commands Error ReportingContext-Displays processor context for example Frame-Displays an individual stack frameExiting the ROM Monitor OL-6426-02 Common Port Assignments Port Keyword DescriptionNETBIOS-NS NETBIOS-DGMNETBIOS-SSN FingerSee ARP See AALSee ATM IN-1See CAR See ChapIN-2 Dhcp IN-3Experience, user Extended access list Overview B-11 See also examplesEthernet B-5 Events, ATM, displaying GRESee NCP See LCPIN-5 See PAP See PVCSee PPP See IpcpSee NAT See RIPIN-7 See UDP Upgrading software, methods for 14-9User Datagram ProtocolIN-8