Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation

Configure a VPN

BETA DRAFT - CISCO CONFIDENTIAL

 

Command or Action / Purpose

Step 3

Command or Action:
aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]

Example:
Router(config)# aaa authorization network rtr-remote local
Router(config)#

Purpose:
Specifies AAA authorization of all network-related service requests, including PPP, and the method used to do so.
This example uses a local authorization database. You could also use a RADIUS server for this. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for details.

Step 4

Command or Action:
username name {nopassword | password password | password encryption-type encrypted-password}

Example:
Router(config)# username Cisco password 0 Cisco
Router(config)#

Purpose:
Establishes a username-based authentication system.
This example implements a username of Cisco with an encrypted password of Cisco.

 

 

 

 

Configure IPSec Transforms and Protocols

A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow.

During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at both peers. When such a transform set is found, it is selected and applied to the protected traffic as a part of both peers’ configurations.

Perform these steps to specify the IPSec transform set and protocols, beginning in global configuration mode:

 

Command or Action / Purpose

Step 1

Command or Action:
crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]

Example:
Router(config)# crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
Router(config)#

Purpose:
Defines a transform set—An acceptable combination of IPSec security protocols and algorithms.
See the Cisco IOS Security Command Reference for detail about the valid transforms and combinations.

Step 2

Command or Action:
crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}

Example:
Router(config)# crypto ipsec security-association lifetime seconds 86400
Router(config)#

Purpose:
Specifies global lifetime values used when negotiating IPSec security associations.
See the Cisco IOS Security Command Reference for details.
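As an added example (not Cisco's code and not part of the configuration guide), the following Python script ties together the AAA/username steps above and the transform-set and lifetime steps in this section: it parses the command lines those steps produce, simulates the transform-set matching that the IKE negotiation text describes (the first initiator transform set whose transforms a responder also offers is selected), and reports settings a configuration reviewer would want to look at. The sample configuration lines are constructed from the guide's own examples; the LEGACY_TRANSFORMS list, the finding messages and the function names are this script's assumptions, not anything the guide defines.

```python
"""Parse the IPSec/AAA lines an IOS configuration contains, simulate
transform-set negotiation and report reviewable settings.

Added example: this is not Cisco's code and not from the configuration
guide. SAMPLE_CONFIG is constructed from the commands the guide's steps
show; LEGACY_TRANSFORMS and the finding texts are this script's own
assumptions about what a reviewer would flag.
"""
import re

# Constructed sample: the running-config lines the steps above produce.
SAMPLE_CONFIG = """\
aaa authorization network rtr-remote local
username Cisco password 0 Cisco
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 86400
"""

# Transforms this script treats as legacy (assumption of this example):
# DES/3DES ciphers and MD5-based integrity, plus ESP with no encryption.
LEGACY_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}


def parse_config(text):
    """Return transform sets, local users and SA lifetimes found in the text."""
    cfg = {"transform_sets": {}, "users": {}, "lifetime": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            # A transform set is a combination, so order is irrelevant: use a frozenset.
            cfg["transform_sets"][m.group(1)] = frozenset(m.group(2).split())
            continue
        # "username NAME password [TYPE] SECRET"; an omitted type is stored as type 0.
        m = re.match(r"username (\S+) password (?:(\d+) )?(\S+)$", line)
        if m:
            ptype = int(m.group(2)) if m.group(2) is not None else 0
            cfg["users"][m.group(1)] = {"type": ptype, "secret": m.group(3)}
            continue
        m = re.match(r"crypto ipsec security-association lifetime (seconds|kilobytes) (\d+)$", line)
        if m:
            cfg["lifetime"][m.group(1)] = int(m.group(2))
    return cfg


def negotiate(initiator_sets, responder_sets):
    """Select the first initiator transform set that a responder also configures.

    Mirrors the negotiation described in the guide: peers search their
    transform sets for one that is the same at both ends. Returns the pair
    of set names (initiator, responder) or None when nothing matches.
    """
    for name, transforms in initiator_sets.items():
        for rname, rtransforms in responder_sets.items():
            if transforms == rtransforms:
                return name, rname
    return None


def audit(cfg):
    """Return review findings as plain strings (rules are this example's own)."""
    findings = []
    for name, transforms in cfg["transform_sets"].items():
        legacy = sorted(transforms & LEGACY_TRANSFORMS)
        if legacy:
            findings.append(f"transform-set {name}: legacy transforms {legacy}")
    for user, entry in cfg["users"].items():
        if entry["type"] == 0:
            # Type 0 means the secret is kept in clear text in the configuration.
            findings.append(f"username {user}: password stored as type 0 (clear text)")
    if not cfg["lifetime"]:
        findings.append("no explicit IPSec security-association lifetime configured")
    return findings


if __name__ == "__main__":
    config = parse_config(SAMPLE_CONFIG)
    # Constructed responder configuration: one stronger set, one matching set.
    peer_sets = {
        "strong": frozenset({"esp-aes", "esp-sha-hmac"}),
        "vpn1-compat": frozenset({"esp-sha-hmac", "esp-3des"}),
    }
    print("negotiated:", negotiate(config["transform_sets"], peer_sets))
    for finding in audit(config):
        print("finding:", finding)
```

Run it as a script to see the negotiated pair and the findings for the sample lines; point parse_config at the output of show running-config to review a real device's configuration. Because the transform sets are compared as sets, "esp-3des esp-sha-hmac" and "esp-sha-hmac esp-3des" are treated as the same combination, which is what matters when checking that both peers will agree during IKE negotiation.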

 

 

 

 

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

7-6

OL-6426-02

 

 
