© 2007 Cisco Systems, Inc. All rights reserved. ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN

Mar 26, 2015

Alexis Cooper

Network Security 2

Module 6 – Configure Remote Access VPN

Lesson 6.2 Configure the EasyVPN Server

Module 6 – Configure Remote Access VPN

Easy VPN Server General Configuration Tasks

The following general tasks are used to configure Easy VPN Server on a Cisco router:

–Task 1 – Create IP address pool.

–Task 2 – Configure group policy lookup.

–Task 3 – Create ISAKMP policy for remote VPN Client access.

–Task 4 – Define group policy for mode configuration push.

–Task 5 – Create a transform set.

–Task 6 – Create a dynamic crypto map with RRI.

–Task 7 – Apply mode configuration to the dynamic crypto map.

–Task 8 – Apply the crypto map to the router interface.

–Task 9 – Enable IKE DPD.

–Task 10 – Configure XAUTH.

–Task 11 – (Optional) Enable XAUTH save password feature.

Task 1 – Create IP Address Pool

Task 2 – Configure Group Policy Lookup

• Creates a user group for local AAA policy lookup

Task 3 – Create ISAKMP Policy for Remote VPN Client Access

Task 4 – Define Group Policy for Mode Configuration Push

Task 4 contains the following steps:

–Step 1 – Add the group profile to be defined.

–Step 2 – Configure the ISAKMP pre-shared key.

–Step 3 – Specify the DNS servers.

–Step 4 – Specify the WINS servers.

–Step 5 – Specify the DNS domain.

–Step 6 – Specify the local IP address pool.

Task 4 - Add the Group Profile to Be Defined

Task 5 – Create Transform Set

Task 6 – Create a Dynamic Crypto Map with RRI

Task 6 contains the following steps:

–Step 1 – Create a dynamic crypto map.

–Step 2 – Assign a transform set.

–Step 3 – Enable RRI.

Task 6 - Create a Dynamic Crypto Map

Task 7 – Apply Mode Configuration to Crypto Map

Task 7 contains the following steps:

–Step 1 – Configure the router to respond to mode configuration requests.

–Step 2 – Enable IKE querying for a group policy.

–Step 3 – Apply the dynamic crypto map to the crypto map.

Task 8 – Apply the Crypto Map to Router Outside Interface

Task 9 – Enable ISAKMP DPD

Task 10 – Configure XAUTH

Task 10 contains the following steps:

–Step 1 – Enable AAA login authentication.

–Step 2 – Set the XAUTH timeout value.

–Step 3 – Enable ISAKMP XAUTH for the dynamic crypto map.

Task 10, Step 1 – Enable AAA Login Authentication

Task 10, Step 2 – Set XAUTH Timeout Value

Task 10, Step 3 – Enable ISAKMP XAUTH for Crypto Map

Task 11 – (Optional) Enable XAUTH Save Password

Q and A
