By doing so, you identify the FQDN for the network the Easy VPN Server is protecting. Step 3 Specify the DNS servers-that is, designate the DNS servers to be used via the VPN connection. This is the password that the user enters when using the VPN client software. Step 1 Create the group that is being defined. To configure this group policy, follow these steps: The mode configuration push is the policy configuration that is pushed out to the remote users when they connect to the Easy VPN Server. NewYork(config-isakmp)# encryption 3des NewYork(config-isakmp)# group 2 NewYork(config-isakmp)#exit Define a Group Policy for a Mode Configuration Push NewYork#configure terminal NewYork(config)#crypto isakmp enable NewYork(config)# crypto isakmp policy 10 NewYork(config-isakmp)#authentication pre-shareĮxample 19-4 Defining the ISAKMP Policy (Continued) Example 19-3 lists the commands used to configure the ISAKMP policy.Įxample 19-3 Configuring the ISAKMP Policy crypto isakmp enable crypto isakmp policy priority_number authentication peer_authentication_method encryption encryption_algorithm group diffie-hellman_group exitĮxample 19-4 shows the configuration of ISAKMP policy for the remote users on the New York headquarters router. Refer to Table 19-2 for a list of supported options for each category. ISAKMP is enabled by default on the Cisco router however, you will need to select the following IKE parameters: NewYork(config)#aaa authorization network windham-vpn-users local group radius Create the ISAKMP Policy for the Remote VPN ClientsĬonfiguring the ISAKMP policy for the VPN users is no different from the configuration required for any other VPN connection. The command for this configuration is as follows:Īaa authorization network group-name local Įxample 19-2 shows the command for configuring the group policy lookup for the local group.Įxample 19-2 Configuring the Policy Lookup NewYork#configure terminal The servers will be tried in the order listed. It is possible to use a RADIUS server as well as the local group. The group policy lookup is the method used to authenticate the remote users attempting to gain access. NewYork(config)#ip local pool windham-office 10.10.8.1 10.10.8.50 Configure the Group Policy Lookup NewYork#configure terminal NewYork(config)#aaa new-model Use the following commands:Īaa new-model ip local pool pool-name low-address high-addressĮxample 19-1 shows what the configuration would look like on the router at the New York headquarters.Įxample 19-1 Preparing the Router for Easy VPN Server The next step is to configure a local address pool that will be used for assigning addresses to remote users. The command is entered in the global configuration mode. When preparing for the Easy VPN Server, the first configuration task is to enable AAA on the router. The remote office is located in the resort town of Windham, New York, and is connected to the Internet via a 1700 series router.įigure 19-2 VPN Connection Between New York HQ and Remote Office This figure depicts the address space used between the headquarters and the remote office. Step 10 Configure xauth.įor the purpose of this exercise, reference Figure 19-2. Step 8 Apply the dynamic crypto map to the interface. Step 7 Apply the mode configuration to the dynamic crypto map. Step 6 Create the dynamic crypto maps with Reverse Route Injection (RRI). Step 4 Define a group policy for a mode configuration push. Step 3 Create the ISAKMP policy for the remote VPN clients. Step 2 Configure the group policy lookup. Step 1 Prepare the router for Easy VPN Server. To configure Easy VPN Server on your Cisco IOS 12.2(8)T or later router, follow these steps: Remember the Easy VPN Server configuration is the most important because it is the central location where the other VPN client connections terminate.
0 Comments
Leave a Reply. |