Home > Cisco > Router > Cisco Router 850 Series Software Configuration Guide

Cisco Router 850 Series Software Configuration Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Router 850 Series Software Configuration Guide. The Cisco manuals for Router are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 81

    Page 81 6-11 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Verifying Your Easy VPN Configuration Verifying Your Easy VPN Configuration Router# show crypto ipsec client ezvpn Tunnel name :ezvpnclientInside interface list:vlan 1 Outside interface:fastethernet 4 Current State:IPSEC_ACTIVELast Event:SOCKET_UP Address:8.0.0.5 Mask:255.255.255.255Default Domain:cisco.com Configuration Example The... 
     
6-11
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 6      Configuring a VPN Using Easy VPN and an IPSec Tunnel
  Verifying Your Easy VPN Configuration
Verifying Your Easy VPN Configuration
Router# show crypto ipsec client ezvpn
Tunnel name :ezvpnclientInside interface list:vlan 1
Outside interface:fastethernet 4
Current State:IPSEC_ACTIVELast Event:SOCKET_UP
Address:8.0.0.5
Mask:255.255.255.255Default Domain:cisco.com
Configuration Example
The...

    Page 82

    Page 82 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configuration Example !username Cisco password 0 Cisco ! crypto isakmp policy 1encryption 3des authentication pre-share group 2lifetime 480 ! crypto isakmp client configuration group rtr-remotekey secret-password dns 10.50.10.1 10.60.10.1 domain company.compool dynpool ! crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac! crypto... 
     
6-12
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 6      Configuring a VPN Using Easy VPN and an IPSec Tunnel
  Configuration Example
!username Cisco password 0 Cisco
!
crypto isakmp policy 1encryption 3des
authentication pre-share
group 2lifetime 480
!
crypto isakmp client configuration group rtr-remotekey secret-password
dns 10.50.10.1 10.60.10.1
domain company.compool dynpool
!
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac!
crypto...

    Page 83

    Page 83 CH A P T E R 7-1 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation The Cisco 850 and Cisco 870 series routers support the creation of virtual private networks (VPNs). Cisco routers and other broadband devices provide high-performance connections to the Internet, but many applications also require the security of VPN connections which perform a high level of authentication and... 
    CH A P T E R
 
7-1
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
7
Configuring VPNs Using an IPSec Tunnel and 
Generic Routing Encapsulation
The Cisco 850 and Cisco 870 series routers support the creation of virtual private networks (VPNs).
Cisco routers and other broadband devices provide high-performance connections to the Internet, but 
many applications also require  the security of VPN connections which perform a high level of 
authentication and...

    Page 84

    Page 84 7-2 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation Configure a VPN GRE Tunnels GRE tunnels are typically used to establish a VPN between the Cisco router and a remote device that controls access to a private network, such as a corporate network. Traffic forwarded through the GRE tunnel is encapsulated and routed out onto the physical interface of the router. When a... 
     
7-2
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 7      Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
  Configure a VPN
GRE Tunnels
GRE tunnels are typically used to establish a VPN between the Cisco router and a remote device that 
controls access to a private network, such as a corporate network. Traffic forwarded through the GRE 
tunnel is encapsulated and routed out onto the physical interface of the router. When a...

    Page 85

    Page 85 7-3 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation Configure a VPN Configure the IKE Policy Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global configuration mode: Command or ActionPurpose Step 1crypto isakmp policy priority Example: Router(config)# crypto isakmp policy 1 Router(config-isakmp)# Creates an IKE policy that... 
     
7-3
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 7      Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation   Configure a VPN
Configure the IKE Policy
Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global 
configuration mode:
Command or ActionPurpose
Step 1crypto isakmp policy priority  
Example:
Router(config)#  crypto isakmp policy 1
Router(config-isakmp)# 
Creates an IKE policy that...

    Page 86

    Page 86 7-4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation Configure a VPN Configure Group Policy Information Perform these steps to configure the group policy, beginning in global configuration mode: Command or ActionPurpose Step 1crypto isakmp client configuration group { group-name | default } Example: Router(config)# crypto isakmp client configuration group... 
     
7-4
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 7      Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
  Configure a VPN
Configure Group Policy Information
Perform these steps to configure the group policy, beginning in global configuration mode:
Command or ActionPurpose
Step 1crypto isakmp client configuration group  
{ group-name  | default }
Example:
Router(config)#  crypto isakmp client 
configuration group...

    Page 87

    Page 87 7-5 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation Configure a VPN Enable Policy Lookup Perform these steps to enable policy lookup through AAA, beginning in global configuration mode: Command or ActionPurpose Step 1aaa new-model Example: Router(config)# aaa new-model Router(config)# Enables the AAA access control model. Step 2aaa authentication login {default |... 
     
7-5
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 7      Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation   Configure a VPN
Enable Policy Lookup
Perform these steps to enable policy lookup through AAA, beginning in global configuration mode:
Command or ActionPurpose
Step 1aaa new-model
Example:
Router(config)# aaa new-model
Router(config)# 
Enables the AAA access control model.
Step 2aaa authentication login  {default  |...

    Page 88

    Page 88 7-6 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation Configure a VPN Perform these steps to specify the IPSec transform se t and protocols, beginning in global configuration mode: Command or ActionPurpose Step 1crypto ipsec transform-set transform-set-name transform1 [transform2 ] [transform3 ] [ transform4 ] Example: Router(config)# crypto ipsec transform-set... 
     
7-6
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 7      Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
  Configure a VPN
Perform these steps to specify the IPSec transform se t and protocols, beginning in global configuration 
mode:
Command or ActionPurpose
Step 1crypto ipsec transform-set  transform-set-name 
transform1  [transform2 ] [transform3 ] 
[ transform4 ]
Example:
Router(config)#  crypto ipsec transform-set...

    Page 89

    Page 89 7-7 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation Configure a VPN Apply the Crypto Map to the Physical Interface The crypto maps must be applied to each interface through which IPSec traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security associations database. With the default... 
     
7-7
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 7      Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
  Configure a VPN
Apply the Crypto Map to the Physical Interface
The crypto maps must be applied to each interface through which IPSec traffic flows. Applying the 
crypto map to the physical interface instructs the router to evaluate all the traffic against the security 
associations database. With the default...

    Page 90

    Page 90 7-8 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation Configure a GRE Tunnel Configure a GRE Tunnel Perform these steps to configure a GRE tunnel, beginning in global configuration mode: Step 2crypto map map-name Example: Router(config-if)# crypto map static-mapRouter(config-if)# Applies the crypto map to the interface. See the Cisco IOS Security Command Reference for... 
     
7-8
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01 
Chapter 7      Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
  Configure a GRE Tunnel
Configure a GRE Tunnel
Perform these steps to configure a GRE tunnel, beginning in global configuration mode: 
Step 2crypto map map-name
Example:
Router(config-if)# crypto map static-mapRouter(config-if)# 
Applies the crypto map to the interface.
See the Cisco IOS Security Command Reference 
for...
    Start reading Cisco Router 850 Series Software Configuration Guide

    Related Manuals for Cisco Router 850 Series Software Configuration Guide

    All Cisco manuals