© 2007 Cisco Systems, Inc. All rights reserved. ISCW-Mod3_L7

Network Security 2

Module 6 – Configure Remote Access VPN

Lesson 6.2 Configure the EasyVPN Server

Easy VPN Server General Configuration Tasks

The following general tasks are used to configure Easy VPN Server on a Cisco router:

– Task 1 – Create IP address pool.
– Task 2 – Configure group policy lookup.
– Task 3 – Create ISAKMP policy for remote VPN Client access.
– Task 4 – Define group policy for mode configuration push.
– Task 5 – Create a transform set.
– Task 6 – Create a dynamic crypto map with RRI.
– Task 7 – Apply mode configuration to the dynamic crypto map.
– Task 8 – Apply the crypto map to the router interface.
– Task 9 – Enable IKE DPD.
– Task 10 – Configure XAUTH.
– Task 11 – (Optional) Enable XAUTH save password feature.

Task 1 – Create IP Address Pool

Task 2 – Configure Group Policy Lookup

• Creates a user group for local AAA policy lookup

Task 3 – Create ISAKMP Policy for Remote VPN Client Access

Task 4 – Define Group Policy for Mode Configuration Push

Task 4 contains the following steps:

– Step 1 – Add the group profile to be defined.
– Step 2 – Configure the ISAKMP pre-shared key.
– Step 3 – Specify the DNS servers.
– Step 4 – Specify the WINS servers.
– Step 5 – Specify the DNS domain.
– Step 6 – Specify the local IP address pool.

Task 4 – Add the Group Profile to Be Defined

Task 5 – Create Transform Set

Task 6 – Create a Dynamic Crypto Map with RRI

Task 6 contains the following steps:

– Step 1 – Create a dynamic crypto map.
– Step 2 – Assign a transform set.
– Step 3 – Enable RRI.

Task 6 – Create a Dynamic Crypto Map

Task 7 – Apply Mode Configuration to Crypto Map

Task 7 contains the following steps:

– Step 1 – Configure the router to respond to mode configuration requests.
– Step 2 – Enable IKE querying for a group policy.
– Step 3 – Apply the dynamic crypto map to the crypto map.

Task 8 – Apply the Crypto Map to Router Outside Interface

Task 9 – Enable ISAKMP DPD

Task 10 – Configure XAUTH

Task 10 contains the following steps:

– Step 1 – Enable AAA login authentication.
– Step 2 – Set the XAUTH timeout value.
– Step 3 – Enable ISAKMP XAUTH for the dynamic crypto map.

Task 10, Step 1 – Enable AAA Login Authentication

Task 10, Step 2 – Set XAUTH Timeout Value

Task 10, Step 3 – Enable ISAKMP XAUTH for Crypto Map

Task 11 – (Optional) Enable XAUTH Save Password
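
The eleven tasks above, written out as one Cisco IOS configuration. This is an added example, not the configuration from the original slides: every name (REMOTE-POOL, VPN-REMOTE-ACCESS, VPNTRANSFORM, DYNMAP, CLIENTMAP, VPNUSERS, vpnuser), address, interface, key, timer value and algorithm choice is a constructed placeholder.

```cisco
! Added example; all names, addresses, keys and timers are constructed placeholders.
aaa new-model
! Task 1: address pool handed out to connecting clients
ip local pool REMOTE-POOL 10.0.1.100 10.0.1.150
! Task 2: group policy lookup through the local AAA database
aaa authorization network VPN-REMOTE-ACCESS local
! Task 3: ISAKMP policy for remote VPN clients
! (algorithms and DH group are illustrative and must match what the client offers)
crypto isakmp policy 1
 authentication pre-share
 encryption aes 256
 hash sha
 group 2
! Task 4: group policy pushed by mode configuration (steps 1 to 6)
crypto isakmp client configuration group VPN-REMOTE-ACCESS
 key EXAMPLE-GROUP-KEY
 dns 10.0.1.13 10.0.1.14
 wins 10.0.1.13 10.0.1.14
 domain example.com
 pool REMOTE-POOL
! Task 5: transform set
crypto ipsec transform-set VPNTRANSFORM esp-aes 256 esp-sha-hmac
! Task 6: dynamic crypto map, transform set assigned, RRI enabled
crypto dynamic-map DYNMAP 1
 set transform-set VPNTRANSFORM
 reverse-route
! Task 7: respond to mode configuration requests, query the group policy,
! and bind the dynamic map into the crypto map
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP isakmp authorization list VPN-REMOTE-ACCESS
crypto map CLIENTMAP 65535 ipsec-isakmp dynamic DYNMAP
! Task 8: apply the crypto map to the outside interface
interface FastEthernet0/1
 crypto map CLIENTMAP
! Task 9: IKE dead peer detection (keepalive seconds, retry seconds)
crypto isakmp keepalive 20 10
! Task 10: XAUTH against the local user database
aaa authentication login VPNUSERS local
username vpnuser secret EXAMPLE-USER-PASSWORD
crypto isakmp xauth timeout 20
crypto map CLIENTMAP client authentication list VPNUSERS
! Task 11 (optional): allow clients in this group to save the XAUTH password
crypto isakmp client configuration group VPN-REMOTE-ACCESS
 save-password
```

`show crypto isakmp sa` and `show crypto ipsec sa` confirm that a client has completed IKE and that IPsec SAs are in place; with RRI enabled, a route to the client's pool address appears in `show ip route` while the tunnel is up.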

Q and A
