COMPUTER TIPS
How to configure Easy VPN using Cisco Router?
Cisco Easy VPN solutions provides a secure connection over the public network to the off-site users. Easy VPN is a proper client-server model, that is why we will try to perform maximum configurations on the sever end and use Cisco VPN client software at user end to establish connection.
Basic steps for Easy VPN Configuration:
1- First configure the Router interface
Interface name
Security level
IP address
Enable crypto isakmp on Router
2- Configure IP pool
Pool name
Range of IP addresses to be used in pool
3- Configure user accounts
Username
Password
3- First define the ISAKMP Policy.
· Authentication
· Hash
· Encryption
· Group
4- Establish IPsec transform set.
· Esp-des
· Esp-md5-hmac
· Esp-aes
· Asp-sha-hmac
6- Now apply crypto map on the outside interface.
- Used to verify the outgoing interface traffic
Router(config)# aaa new-modelRouter(config)# username Mark password champion(define username and password)Router(config)# aaa authentication login default localRouter(config)# aaa authorization network star localNow defined the IKE polices on Router
Router(config)#crypto isakmp policy 10
(10 is isakmp policy number)
Router(config-isakmp)#encryption des
(enable encryption des)
Router(config-isakmp)#hash md5
(enable algorithm md5 for hashing)
Router(config-isakmp)#authentication pre-share
(enable Pre-shared method)
Router(config-isakmp)#group 2
(enable diffie-Helman group 2)
Router(config-isakmp)#exit
Router(config)# crypto isakmp key champion address 0.0.0.0
Router(config)# crypto ipsec transform-set ts2 esp-des esp-md5-hmac
(Here encryption type is des and hashing technique is md5-hmac)
Router(config)# ip local pool poolname 30.1.1.1-30.1.1.50
(define IP pool)
Router(config)# crypto isakmp client configuration group star
Router(config-group)# pool poolname
Router(config-group)# key champion
Router(config-group)# exit
Router(config)# crypto isakmp client configuration address-pool local poolname
Router(config)# crypto dynamic-map dmap 10
Router(config-map)# set transform-set tset
Router(config-map)# exit
Router(config)# crypto map smap 10 ipsec-isakmp dynamic map dmap
Router(config)# crypto map smap client authentication list champion
Router(config)# crypto map smap isakmp authorization list champion
Router(config)# crypto map smap client configuration address respondRouter(config)# interface serial 0/0
Router(config)# crypto map smap
Router(config)# ip route 30.0.0.0 255.0.0.0 serial 0/0
Now to verify the secure tunnel, dial connection from user end using the Cisco VPN client software.
Break or recover the router passwordSuggested Reading
How to configure the Cisco IOS IDS step by step?
Routing Information Protocol (RIP) Configuration
How to configure site-to-site VPN tunnel using ASA?
How to install Router image using TFTP server?
New
How to protect EIGRP router from receiving unsigned routing updates?
How to configure BGP between two different autonomous systems?
How to configure virtual link between different areas in OSPF?
How to perform unequal-cost load balancing using EIGRP?
How to configure Site-to-Site IPsec VPN?
How configure EIGRP authentication to prevent unauthorized access?
How to configure BGP with weight attribute?
How to perform configuration and convergence between RIP and IGRP protocols?
Interior Gateway Routing Protocol (IGRP) Configuration
Extended IP Access Control List
Enhanced Interior Gateway Routing Protocol (EIGRP) Configuration
Useful Router commands and configuration Common Frame Relay Configuration
Home | Previous Page | Site Map | About Us
