
Cisco Systems Router 1800 Series User Manual


Page 91

 
7-5
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 7      Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
  Configure a VPN
Enable Policy Lookup
Perform these steps to enable policy lookup through AAA, beginning in global configuration mode:
Step 4  domain name
Example:
Router(config-isakmp-group)# domain company.com
Router(config-isakmp-group)#
Specifies group domain membership.
Step 5  exit
Example:...

Page 92

 
Configure IPSec Transforms and Protocols
A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow.
During IKE negotiations, the peers search in multiple transform sets...

Page 93

 
Note: With manually established security associations, there is no negotiation with the peer, and both sides must specify the same transform set.
Configure the IPSec Crypto Method and Parameters
A dynamic crypto map policy processes negotiation requests for new security associations from remote...

Page 94

 
Apply the Crypto Map to the Physical Interface
The crypto maps must be applied to each interface through which IPSec traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security associations database. With the default...

Page 95

 
  Configure a GRE Tunnel
Step 3  tunnel source interface-type number
Example:
Router(config-if)# tunnel source fastethernet 2
Router(config-if)#
Specifies the source endpoint of the router for the GRE tunnel.
Step 4  tunnel destination default-gateway-ip-address
Example:
Router(config-if)# tunnel destination...

Page 96

 
Configuration Example
The following configuration example shows a portion of the configuration file for a VPN using a GRE 
tunnel scenario described in the preceding sections.
!
aaa new-model
!
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
aaa session-id...

Page 97

 
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip inspect firewall in ! inspection examines outbound traffic
 crypto map static-map
 no cdp enable
!
interface fastethernet 0 ! FE0 is the outside or internet exposed interface
 ip address 210.110.101.21 255.255.255.0
 ip access-group 103 in ! acl...


Page 99

Chapter 8: Configuring a Simple Firewall
The Cisco 1800 integrated services routers support network traffic filtering by means of access lists. The 
router also supports packet inspection and dynamic temporary access lists by means of Context-Based 
Access Control (CBAC).
Basic traffic filtering is limited to configured access list implementations that examine packets at the 
network layer or, at...

Page 100

1  Multiple networked devices—Desktops, laptop PCs, switches
2  Fast Ethernet LAN interface (the inside interface for NAT)
3  PPPoE or PPPoA client and firewall implementation—Cisco 1811/1812 or Cisco 1801/1802/1803 series integrated services router, respectively
4  Point at which NAT occurs
5  Protected network
6  Unprotected network
7  Fast Ethernet or ATM WAN interface (the outside interface for NAT)
 