Download presentation
Presentation is loading. Please wait.
Published byAlexis Cooper Modified over 10 years ago
1
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN
2
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 2 Lesson 6.2 Configure the EasyVPN Server Module 6 – Configure Remote Access VPN
3
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 3 Easy VPN Server General Configuration Tasks The following general tasks are used to configure Easy VPN Server on a Cisco router – –Task 1 – Create IP address pool. –Task 2 – Configure group policy lookup. –Task 3 – Create ISAKMP policy for remote VPN Client access. –Task 4 – Define group policy for mode configuration push. –Task 5 – Create a transform set. –Task 6 – Create a dynamic crypto map with RRI. –Task 7 – Apply mode configuration to the dynamic crypto map. –Task 8 – Apply the crypto map to the router interface. –Task 9 – Enable IKE DPD. –Task 10 – Configure XAUTH. –Task 11 – (Optional) Enable XAUTH save password feature.
4
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 4 Task 1 – Create IP Address Pool
5
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 5 Task 2 – Configure Group Policy Lookup Creates a user group for local AAA policy lookup
6
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 6 Task 3 – Create ISAKMP Policy for Remote VPN Client Access
7
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 7 Task 4 – Define Group Policy for Mode Configuration Push Task 4 contains the following steps – –Step 1 – Add the group profile to be defined. –Step 2 – Configure the ISAKMP pre-shared key. –Step 3 – Specify the DNS servers. –Step 4 – Specify the WINS servers. –Step 5 – Specify the DNS domain. –Step 6 – Specify the local IP address pool.
8
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 8 Task 4 - Add the Group Profile to Be Defined
9
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 9 Task 5 – Create Transform Set
10
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 10 Task 6 – Create a Dynamic Crypto Map with RRI Task 6 contains the following steps – –Step 1 – Create a dynamic crypto map. –Step 2 – Assign a transform set. –Step 3 – Enable RRI.
11
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 11 Task 6 - Create a Dynamic Crypto Map
12
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 12 Task 7 – Apply Mode Configuration to Crypto Map Task 7 contains the following steps – –Step 1 – Configure the router to respond to mode configuration requests. –Step 2 – Enable IKE querying for a group policy. –Step 3 – Apply the dynamic crypto map to the crypto map.
13
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 13 Task 7 – Apply Mode Configuration to Crypto Map
14
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 14 Task 8 – Apply the Crypto Map to Router Outside Interface
15
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 15 Task 9 – Enable ISAKMP DPD
16
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 16 Task 10 – Configure XAUTH Task 10 contains the following steps – –Step 1 – Enable AAA login authentication. –Step 2 – Set the XAUTH timeout value. –Step 3 – Enable ISAKMP XAUTH for the dynamic crypto map.
17
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 17 Task 10, Step 1 – Enable AAA Login Authentication
18
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 18 Task 10, Step 2 – Set XAUTH Timeout Value
19
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 19 Task 10, Step 3 – Enable ISAKMP XAUTH for Crypto Map
20
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 20 Task 11 – (Optional) Enable XAUTH Save Password
21
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 21 Task 12 – Verify router# show crypto map [interface interface | tag map- name] Router# show crypto map interface ethernet 0 router# show run Router# show run Displays crypto map configuration. Displays running configuration.
22
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 22 Q and A
23
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 23
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.