Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

Similar presentations


Presentation on theme: "© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN."— Presentation transcript:

1 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN

2 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 2 Lesson 6.2 Configure the EasyVPN Server Module 6 – Configure Remote Access VPN

3 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 3 Easy VPN Server General Configuration Tasks The following general tasks are used to configure Easy VPN Server on a Cisco router – –Task 1 – Create IP address pool. –Task 2 – Configure group policy lookup. –Task 3 – Create ISAKMP policy for remote VPN Client access. –Task 4 – Define group policy for mode configuration push. –Task 5 – Create a transform set. –Task 6 – Create a dynamic crypto map with RRI. –Task 7 – Apply mode configuration to the dynamic crypto map. –Task 8 – Apply the crypto map to the router interface. –Task 9 – Enable IKE DPD. –Task 10 – Configure XAUTH. –Task 11 – (Optional) Enable XAUTH save password feature.

4 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 4 Task 1 – Create IP Address Pool

5 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 5 Task 2 – Configure Group Policy Lookup Creates a user group for local AAA policy lookup

6 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 6 Task 3 – Create ISAKMP Policy for Remote VPN Client Access

7 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 7 Task 4 – Define Group Policy for Mode Configuration Push Task 4 contains the following steps – –Step 1 – Add the group profile to be defined. –Step 2 – Configure the ISAKMP pre-shared key. –Step 3 – Specify the DNS servers. –Step 4 – Specify the WINS servers. –Step 5 – Specify the DNS domain. –Step 6 – Specify the local IP address pool.

8 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 8 Task 4 - Add the Group Profile to Be Defined

9 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 9 Task 5 – Create Transform Set

10 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 10 Task 6 – Create a Dynamic Crypto Map with RRI Task 6 contains the following steps – –Step 1 – Create a dynamic crypto map. –Step 2 – Assign a transform set. –Step 3 – Enable RRI.

11 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 11 Task 6 - Create a Dynamic Crypto Map

12 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 12 Task 7 – Apply Mode Configuration to Crypto Map Task 7 contains the following steps – –Step 1 – Configure the router to respond to mode configuration requests. –Step 2 – Enable IKE querying for a group policy. –Step 3 – Apply the dynamic crypto map to the crypto map.

13 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 13 Task 7 – Apply Mode Configuration to Crypto Map

14 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 14 Task 8 – Apply the Crypto Map to Router Outside Interface

15 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 15 Task 9 – Enable ISAKMP DPD

16 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 16 Task 10 – Configure XAUTH Task 10 contains the following steps – –Step 1 – Enable AAA login authentication. –Step 2 – Set the XAUTH timeout value. –Step 3 – Enable ISAKMP XAUTH for the dynamic crypto map.

17 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 17 Task 10, Step 1 – Enable AAA Login Authentication

18 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 18 Task 10, Step 2 – Set XAUTH Timeout Value

19 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 19 Task 10, Step 3 – Enable ISAKMP XAUTH for Crypto Map

20 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 20 Task 11 – (Optional) Enable XAUTH Save Password

21 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 21 Task 12 – Verify router# show crypto map [interface interface | tag map- name] Router# show crypto map interface ethernet 0 router# show run Router# show run Displays crypto map configuration. Displays running configuration.

22 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 22 Q and A

23 © 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 23


Download ppt "© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN."

Similar presentations


Ads by Google