Assigns a crypto map to the tunnel | Cisco Systems OL-6426-02

Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation

Configure a GRE Tunnel

BETA DRAFT - CISCO CONFIDENTIAL

	Command or Action	Purpose
Step 3
Step 3	tunnel source interface-type number	Specifies the source endpoint of the router for the
		GRE tunnel.
	Example:
	Router(config-if)# tunnel source
	fastethernet 2
	Router(config-if)#
Step 4
Step 4	tunnel destination default-gateway-ip-address	Specifies the destination endpoint of the router for
		the GRE tunnel.
	Example:
	Router(config-if)# tunnel destination
	192.168.101.1
	Router(config-if)#
Step 5
Step 5	crypto map map-name	Assigns a crypto map to the tunnel.
	Example:	Note Dynamic routing or static routes to the
	Example:	tunnel interface must be configured to
		tunnel interface must be configured to
	Router(config-if)#crypto map static-map	establish connectivity between the sites.
	Router(config-if)#	See the Cisco IOS Security Configuration
		See the Cisco IOS Security Configuration
		Guide for details.
Step 6
Step 6	exit	Exits interface configuration mode, and returns to
		global configuration mode.
	Example:
	Router(config-if)# exit
	Router(config)#
Step 7
Step 7	ip access-list {standard extended}	Enters ACL configuration mode for the named
	access-list-name	ACL that is used by the crypto map.
	Example:
	Router(config)# ip access-list extended
	vpnstatic1
	Router(config-acl)#
Step 8
Step 8	permit protocol source source-wildcard	Specifies that only GRE traffic is permitted on the
	destination destination-wildcard	outbound interface.
	Example:
	Router(config-acl)# permit gre host
	192.168.100.1 host 192.168.101.1
	Router(config-acl)#
Step 9
Step 9	exit	Returns to global configuration mode.
	Example:
	Router(config-acl)# exit
	Router(config)#

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

	OL-6426-02	7-9

Image 93

Cisco Systems OL-6426-02 Assigns a crypto map to the tunnel, Tunnel interface must be configured to, Guide for details

Contents

Cisco Systems, Inc Page N T E N T S Configuring Your Router for Ethernet and DSL Access 802.1x Authentication Configure the IPSec Crypto Method and Parameters Configuring Backup Interfaces Chap Configuration Register C-6 OL-6426-02 Audience Preface Organization Chapter Title DescriptionVPN Conventions Command ConventionsConvention Description Boldface Related Documents Obtaining DocumentationCisco.com Cisco Product Security Overview Documentation FeedbackDocumentation DVD Ordering Documentation Obtaining Technical Assistance Reporting Security Problems in Cisco ProductsCisco Technical Support Website An emergency, you can also reach Psirt by telephone 877 408 Definitions of Service Request Severity Submitting a Service Request Obtaining Additional Publications and Information Getting Started Page Basic Router Configuration Interface Port LabelsRouter Interface Port Label ADSLoISDN Viewing the Default ConfigurationATM WAN Shdsl USB Modem Example 1-1 Cisco 1812 Default Configuration on Startup Information Needed for Configuration To configure the router, perform one or more of these tasks Configuring Basic Parameters Configure Fast Ethernet LAN Interfaces Configure Global ParametersCommand Purpose Example Configure the Fast Ethernet WAN Interface Configure WAN Interfaces Mode atm Exit Configure the ATM WAN InterfaceController dsl No shutdown Configure the Wireless Interface Configuring a Loopback InterfaceConfiguration Example Verifying Your Configuration Configuring Command-Line Access to the RouterPassword password Line aux console tty vty line-number Login Exec-timeout minutes secondsEnd Exits router configuration mode, and enters Configuring Static RoutesPrivileged Exec mode Parameters that can be set, see the Cisco IOS IP Configuring Dynamic Routes Configuration ExampleVerifying Your Configuration Command Task Configuring RIPRouter rip Version 1 Enters router configuration mode, and enables Configuring Enhanced IgrpEigrp on the router. The autonomous-system Number identifies the route to other Eigrp routers Be applied, using the IP address of the network Routerconfig# networkSpecifies a list of networks on which Eigrp is to Configuring Your Router for Ethernet and DSL Access Page Sample Network Deployments For Ethernet-Based Network DeploymentsFor DSL-Based Network Deployments OL-6426-02 Configuring PPP over Ethernet with NAT Command or Action Purpose Configuration TasksVpdn enable PPPoE Request-dialin Configure the Fast Ethernet WAN InterfacesInitiate to ip ip-address Protocol l2f l2tp pppoe any These steps to configure one or both of them Cisco 1800 integrated services routers haveConfigures the PPPoE client and specifies Enables the Fast Ethernet interface Configure the Dialer Interface Exits the dialer 0 interface configuration Using a dialer group controls access toAssigns the dialer interface to a dialer group Your router Configure Network Address Translation Access-list access-list-number deny permit Ip nat inside outsideSource source-wildcard Configuration Example Router# show ip nat statistics PPP over ATM with NAT Configuring PPP over ATM with NAT PPPoA Authentication Protocol Chap Sets the PPP authentication methodSpecifies that the IP address for the dialer Interface is obtained through PPP/IPCP IP Command Reference, Volume 1 of 4 Routing Configure the ATM WAN Interface Configure DSL Signaling Protocol Configuring AdslAttribute Description Default Value Configuring Shdsl Verify the ConfigurationDsl lom integer Dsl enable-training-log Line-mode 4-wire enhanced 4-wire standard WireIgnore-error-duration number Configure Network Address Translation About enabling static translation, see the Cisco Enables the configuration changes just made toFE2-FE9 reside to be the inside interface For NAT Exits configuration mode for the ATM interface Static translation, see the Cisco IOS IP CommandDefines a standard access list permitting addresses Identifies the specified WAN interface as the NAT ATM0 Configuring a LAN with Dhcp and VLANs VlanVLANs Configure Dhcp Import all Default-router address address2 ...address8Dns-server address address2 ...address8 Domain-name domain Verify Your Dhcp Configuration Router# show ip dhcp importIp dhcp pool Verify Your Vlan Configuration Configure VLANsVlan ? Example Vlan Router# show vlan-switch Switch Port Configurations Vlan Trunking Protocol VTP 802.1x Authentication Switched Port Analyzer Span Maximum Switched Virtual Interfaces SVIsIP Multicast Switching Layer 2 Interfaces Fallback Bridging Per-Port Storm ControlSeparate Voice and Data Subnets Igmp Snooping Internet Configuring a VPN Using Easy VPN and an IPSec Tunnel Cisco Easy VPN Configure the IKE Policy Crypto isakmp client configuration group Configure Group Policy InformationGroup-name default Key name Ip local pool default poolname Apply Mode Configuration to the Crypto Map Configure IPSec Transforms and Protocols Enable Policy Lookup Configure the IPSec Crypto Method and Parameters Reverse-route Apply the Crypto Map to the Physical InterfaceCrypto map map-name seq-num ipsec-isakmp Dynamic dynamic-map-name discover Crypto map map-name Create an Easy VPN Remote Configuration Crypto ipsec client ezvpn name outside inside Verifying Your Easy VPN Configuration Crypto ipsec client ezvpn ezvpnclient connect auto Beta Draft Cisco Confidential Site-to-Site VPN Using an IPSec Tunnel and GRE VPNs GRE Tunnels Configure the IKE Policy Configure a VPNAlso enters Internet Security Association Key Example uses 168-bit Data Encryption Configure Group Policy Information Group 1 2Lifetime seconds Exits IKE group policy configuration mode, Enable Policy LookupEnters global configuration mode Specifies group domain membership Method used to do so Configure IPSec Transforms and ProtocolsSpecifies global lifetime values used when Negotiating IPSec security associations Creates a dynamic crypto map entry, and enters Configure the IPSec Crypto Method and ParametersCreates source proxy information for the crypto Map entry Apply the Crypto Map to the Physical Interface Configure a GRE TunnelMap Applies the crypto map to the interface Exits interface configuration mode, and returns to Tunnel interface must be configured toEnters ACL configuration mode for the named Access-list-name ACL that is used by the crypto map Configuration Example Ip nat outside no cdp enable Beta Draft Cisco Confidential Router with Firewall Configured Configuring a Simple Firewall Fast Ethernet LAN interface the inside interface for NAT Series integrated services router, respectivelyProtected network Unprotected network Configure Inspection Rules Configure Access ListsCreates an access list which prevents Internet Details about this command Apply Access Lists and Inspection Rules to Interfaces Assigns the set of firewall inspection rules toInside interface on the router Configuring a Simple Firewall Configuration Example Beta Draft Cisco Confidential 1shows a wireless network deployment Configuring a Wireless LAN Connection Configuring a Wireless LAN Connection Configure the Root Radio Station User attempting access to the wireless LAN Sets the permitted authentication methods for aExits Ssid configuration mode, and enters Interface configuration mode for the wireless Station-role repeater root Configure Bridging on VLANsBridge number crb irb mac-address-table Bridge-group number Configure Radio Station Subinterfaces Enables Ieee 802.1q encapsulation onSpecified subinterface Assigns a bridge group to the subinterface Exits subinterface configuration mode, No bridge-group 3 unicast-flooding Interface Vlan1 Sample Configuration Router# show running-config10-1 Ip dhcp pool vlan3 10-2 10-3 10-4 10-5 10-6 11-1 Additional Configuration Options 11-2 Configuring Additional Features and Troubleshooting Page Configuring Security Features Authentication, Authorization, and Accounting12-1 Configuring Access Lists Configuring AutoSecureConfiguration Commands ACL Type Access Groups Configuring a Cbac FirewallGuidelines for Creating Access Groups Ip access-group number name in out Configuring Cisco IOS Firewall IDS Configuring VPNs12-4 Dial Backup Feature Activation Methods Configuring Dial Backup and Remote ManagementBackup Interfaces 13-1 Configuring Backup Interfaces Floating Static Routes13-2 Configuring Floating Static Routes Enables RIP routing13-3 Dialer Watch Configuring Dialer WatchSpecifies the group number for the watch list 13-4 Dial Backup Feature Limitations Dial Backup Type Possible? Dial Backup Method Limitations13-5 13-6 13-7 13-8 Example 13-3 Configuring Dial Backup Using Dialer Watch 13-9 Configure Isdn Settings 13-10 Ip address negotiated Access-groupDialer pool number Dialer-group group-number Configure the Aggregator and Isdn Peer Router For your Cisco router during the ATM network downtime13-12 13-13 Asynchronous Interface Configuration 13-14 13-15 Line Configuration 13-16 Getting Started TroubleshootingBefore Contacting Cisco or Your Reseller 14-1 Shdsl Troubleshooting Adsl TroubleshootingPortFast Troubleshooting 14-2 Ping atm interface Command ATM Troubleshooting CommandsShow interface Command 14-3 Shutdown command Output Cause14-4 Show atm interface Command 14-5Router# show atm interface atm Guidelines for Using Debug Commands Debug atm CommandsDebug atm errors Command Field Description Router# debug atm errors ATM errors debugging is on Router# Debug atm events Command14-7 Router# debug atm events Router# Where the keywords are defined as follows Debug atm packet CommandOptional ATM interface or subinterface number Example 14-7shows a sample output Recovering a Lost Password Software Upgrade MethodsATM0 14-9 Change the Configuration Register 14-10Router# show version Router# show startup-config Reset the RouterPress Return. The following prompt appears Prompt changes to the privileged Exec prompt Reset the Password and Save Your Changes Reset the Configuration Register Value14-12 14-13 Managing Your Router with SDM 14-14 Reference Information Page One of the configuration topic chapters in this guide Configuring the Router from a PCCisco IOS Software Basic Skills PC Operating System Software Understanding Command Modes Exec As interface atmCtrl-Z Getting Help Configuration mode Routing protocol AppropriateRouter Enter one of the router Router rip, from Enable Secret Passwords and Enable Passwords Entering Global Configuration ModeYou can now make changes to your router configuration Abbreviating Commands Using CommandsUndoing Commands Command-Line Error Messages Saving Configuration Changes Where to Go NextSummary OL-6426-02 Adsl Concepts Routing Protocol Options Network Protocols Protocol Ideal Topology Metric Routing Updates PPP Authentication ProtocolsEnhanced Igrp RIP PAP Ethernet Network Interfaces Dial Backup Backup InterfaceDialer Interface NAT Easy IP Phase QoS IP PrecedencePPP Fragmentation and Interleaving Low Latency Queuing Cbwfq Access Lists OL-6426-02 Config-reg EnableResets the configuration register ROM Monitor Exits global configuration mode ROM Monitor CommandsReload Descriptions section in this appendix Disaster Recovery with Tftp Download Command DescriptionsTftp Download Command Variables Command Description Variable Command Required VariablesOptional Variables TFTPTIMEOUT= time Using the Tftp Download CommandTFTPCHECKSUM= setting Retrytimes Changing the Configuration Register Manually Configuration RegisterChanging the Configuration Register Using Prompts Rommon 1 confreg Console Download Command Description Error Reporting Debug CommandsContext-Displays processor context for example Frame-Displays an individual stack frame Exiting the ROM Monitor OL-6426-02 Port Keyword Description Common Port Assignments NETBIOS-DGM NETBIOS-NSNETBIOS-SSN Finger See AAL See ARPSee ATM IN-1 See Chap See CARIN-2 IN-3 Dhcp See also examples Experience, user Extended access list Overview B-11Ethernet B-5 Events, ATM, displaying GRE See LCP See NCPIN-5 See PVC See PAPSee PPP See Ipcp See RIP See NATIN-7 Upgrading software, methods for 14-9User Datagram Protocol See UDPIN-8