VPN Config

Published on July 2016

This document contains a step-by-step explanation of how to configure a VPN. This will really help in configuring a VPN.


CONFIGURATION ON ROUTER1
SET ISAKMP POLICY ENABLE (SITE TO SITE VPN)

Enabling IKE

R1(config)#crypto isakmp enable

• IKE Phase 1

1. Create IKE Policy

R1(config)#crypto isakmp policy 100
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#hash md5
R1(config-isakmp)#group 5
R1(config-isakmp)#lifetime 86400

2. Configure Preshared key

R1(config)#crypto isakmp key abc123 address 192.168.2.2 255.255.255.255



• IKE Phase 2

1. Create Ipsec Transform set

R1(config)#crypto ipsec transform-set 20 esp-3des esp-md5-hmac
R1(cfg-crypto-trans)#mode tunnel

2. Configure IPSec SA Lifetime

R1(config)#crypto ipsec security-association lifetime seconds 1800
3. Create the crypto ACLs

access-list 105 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
4. Create Crypto Map

R1(config)#crypto map test 120 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured.
R1(config-crypto-map)#match address 105
R1(config-crypto-map)#set peer 192.168.2.2
R1(config-crypto-map)#set transform-set 20
R1(config-crypto-map)#set security-association lifetime seconds 1800
R1(config-crypto-map)#set pfs group5

5. Apply Crypto map to Correct Interface

R1(config)#interface serial 0/0
R1(config-if)#crypto map test
*Mar 1 01:33:37.895: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R1#show crypto isakmp policy
R1#show crypto ipsec sa

CONFIGURATION ON ROUTER2
SET ISAKMP POLICY ENABLE (SITE TO SITE VPN)

Enabling IKE

R2(config)#crypto isakmp enable

• IKE Phase 1

1. Create IKE Policy

R2(config)#crypto isakmp policy 100
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#hash md5
R2(config-isakmp)#group 5
R2(config-isakmp)#lifetime 86400

2. Configure Preshared key

R2(config)#crypto isakmp key abc123 address 192.168.2.1 255.255.255.255
• IKE Phase 2

3. Create Ipsec Transform set

R2(config)#crypto ipsec transform-set 20 esp-3des esp-md5-hmac
R2(cfg-crypto-trans)#mode tunnel

4. Configure IPSec SA Lifetime

R2(config)#crypto ipsec security-association lifetime seconds 1800
5. Create the crypto ACLs

access-list 105 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

6. Create Crypto Map

R2(config)#crypto map test 120 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer and a valid access list have been configured.
R2(config-crypto-map)#match address 105
R2(config-crypto-map)#set peer 192.168.2.1
R2(config-crypto-map)#set transform-set 20
R2(config-crypto-map)#set security-association lifetime seconds 1800
R2(config-crypto-map)#set pfs group5

7. Apply Crypto map to Correct Interface

R2(config)#interface serial 0/0
R2(config-if)#crypto map test
*Mar 1 01:33:37.895: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2#show crypto isakmp policy
R2#show crypto ipsec sa
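
The two routers above are configured as mirror images of each other. As an added example (not part of the original document), this Python check parses both configurations and lists the settings that differ between the peers; the function names are this example's own, and the config text is the page's commands with prompts removed.

```python
# Constructed input: R1's site-to-site commands from this page, prompts removed.
R1 = """
crypto isakmp policy 100
 authentication pre-share
 encryption 3des
 hash md5
 group 5
 lifetime 86400
crypto isakmp key abc123 address 192.168.2.2 255.255.255.255
crypto ipsec transform-set 20 esp-3des esp-md5-hmac
access-list 105 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
crypto map test 120 ipsec-isakmp
 match address 105
 set peer 192.168.2.2
 set pfs group5
"""
# R2 as on this page: same text, peer address changed, ACL reversed.
R2 = (R1.replace("192.168.2.2", "192.168.2.1")
        .replace("192.168.1.0 0.0.0.255 192.168.3.0", "192.168.3.0 0.0.0.255 192.168.1.0"))

def parse(cfg):
    """Extract the settings the two peers have to agree on."""
    out = {"policy": {}, "acl": ()}
    for w in (line.split() for line in cfg.splitlines() if line.strip()):
        # lifetime is skipped: the peers' values need not be identical
        if w[0] in ("authentication", "encryption", "hash", "group"):
            out["policy"][w[0]] = w[1]
        elif w[:3] == ["crypto", "isakmp", "key"]:
            out["key"], out["key_peer"] = w[3], w[5]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            out["transforms"] = tuple(w[4:])
        elif w[0] == "access-list":
            out["acl"] = (tuple(w[4:6]), tuple(w[6:8]))  # (source, destination)
        elif w[:2] == ["set", "peer"]:
            out["map_peer"] = w[2]
        elif w[:2] == ["set", "pfs"]:
            out["pfs"] = w[2]
    return out

def mismatches(a, b):
    """Return the names of settings that differ between peer a and peer b."""
    bad = [k for k in ("policy", "key", "transforms", "pfs") if a.get(k) != b.get(k)]
    if a["acl"] != b["acl"][::-1]:  # b's ACL must be a's with source/destination swapped
        bad.append("acl-not-mirrored")
    for side, c in (("a", a), ("b", b)):
        if c.get("key_peer") != c.get("map_peer"):
            bad.append(f"{side}:key-address-differs-from-set-peer")
    return bad
```

mismatches(parse(R1), parse(R2)) returns an empty list for the configurations on this page.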


REMOTE ACCESS VPN (IPSEC WITH CLIENT SOFTWARE)

Features in Easy VPN

Easy VPN Server Functionality

1. Mode configuration (MC) Support, IKE MC
2. Extended Authentication support (XAUTH)
3. Dead Peer Detection support
4. Split tunnel support
5. Initial contact
6. Group-based policy control

Task 1: Configure XAUTH

• Step 1 Enable AAA on Easy VPN Server
R2(config)#aaa new-model

• Step 2 Enable AAA Login authentication
R2(config)#aaa authentication login futureco-remote-access local

• Step 3 Set the Xauth timeout value
R2(config)#crypto isakmp xauth timeout 90

• Step 4 Enable IKE Xauth for dynamic crypto map
R2(config)#crypto map vpnremotes-map client authentication list futureco-remote-access

Task 2: Create an IP Address Pool

R2(config)#ip local pool futureco-remote-pool 192.168.30.101 192.168.30.200

Task 3: Configure Group Policy Lookup

R2(config)# aaa authorization network futureco-remote-access local

Task 4: Create an ISAKMP Policy for Remote VPN Client

R2(config)#crypto isakmp enable
R2(config)#crypto isakmp policy 101
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#hash md5
R2(config-isakmp)#group 2
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#exit

Task 5: Define a Group Policy for a MC Push

R2(config)#crypto isakmp client configuration group futureco-remote-access
R2(config-isakmp-group)#key cisco123
R2(config-isakmp-group)#dns 192.168.104.23
R2(config-isakmp-group)#domain futureco.com
R2(config-isakmp-group)#pool futureco-remote-pool

Task 6: Create Transform Set

R2(config)#crypto ipsec transform-set vpnremotes esp-3des esp-md5-hmac

Task 7: Create a Dynamic Crypto Map with RRI

• Step 1 Create a Dynamic crypto map
R2(config)#crypto dynamic-map vpnremotes-map 1

• Step 2 Assign a transform set to crypto map
R2(config-crypto-map)#set transform-set vpnremotes

• Step 3 Enable RRI
R2(config-crypto-map)#reverse-route

Task 8: Apply a MC to the Dynamic Crypto Map

• Step 1 Configure the Router to respond to MC requests
R2(config)#crypto map vpnremotes-map client configuration address respond

• Step 2 Enable IKE queries for group policy lookup
R2(config)#crypto map vpnremotes-map isakmp authorization list futureco-remote-access

• Step 3 Apply changes to dynamic crypto map
R2(config)#crypto map vpnremotes-map 1 ipsec-isakmp dynamic vpnremotes-map

Task 9: Apply a Dynamic Crypto Map to the Router Outside Interface

R2(config)#int s0/0
R2(config-if)#crypto map vpnremotes-map
R2(config)#username abc password abc

Task 10: Enable Dead Peer Detection

R2(config)#crypto isakmp keepalive 30 3
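
Both the site-to-site and the Easy VPN configurations in this document use 3DES, MD5, DH groups 2 and 5, short pre-shared keys and a local user created with "password". As an added example (not part of the original document), this Python audit flags those settings in pasted IOS lines; the rule set and the minimum key length are a baseline assumed for this example, not a Cisco default.

```python
import re

# Constructed input: Easy VPN Server lines copied from this page, prompts included.
EASYVPN = """\
R2(config)#crypto isakmp policy 101
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#hash md5
R2(config-isakmp)#group 2
R2(config-isakmp)#authentication pre-share
R2(config)#crypto isakmp client configuration group futureco-remote-access
R2(config-isakmp-group)#key cisco123
R2(config)#crypto ipsec transform-set vpnremotes esp-3des esp-md5-hmac
R2(config)#username abc password abc
"""

# Audit baseline assumed for this example; adjust it to your own policy.
MIN_KEY_LEN = 20
RULES = [
    (r"^encryption (des|3des)$|\besp-(des|3des)\b", "legacy-cipher"),
    (r"^hash md5$|\besp-md5-hmac\b", "legacy-hash"),
    (r"^group (1|2|5)$|^set pfs group(1|2|5)$", "small-dh-group"),
    (r"^username \S+ password ", "password-not-secret"),  # 'secret' stores a hash
]

def audit(config):
    """Return (line_number, finding, command) for each setting the baseline flags."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        cmd = re.sub(r"^\w+\([\w-]+\)#\s*", "", raw.strip())  # drop the IOS prompt
        for pattern, name in RULES:
            if re.search(pattern, cmd):
                findings.append((n, name, cmd))
        key = re.match(r"(?:crypto isakmp )?key (\S+)", cmd)
        if key and len(key.group(1)) < MIN_KEY_LEN:
            findings.append((n, "short-pre-shared-key", cmd))
        user = re.match(r"username (\S+) password (\S+)$", cmd)
        if user and user.group(1) == user.group(2):
            findings.append((n, "password-equals-username", cmd))
    return findings
```

Run audit(EASYVPN), or pass it the Router1 and Router2 command lines from the site-to-site section, to get one tuple per flagged command.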
