• VPN Client
• Easy VPN
Options: Attributes
• Authentication types: Authentication using Digital Signature Standard (DSS)
• Diffie-Hellman group: 1
• IPSec protocol identifier: IPSEC AH
• IPSec protocol mode: Transport mode
• Miscellaneous: Manual keys; Perfect Forward Secrecy (PFS)
• Supported encryption/authentication
• Supported key management techniques
• Supported data compression technique
• Digital certificate support
• Authentication methodologies
• Profile management
• Policy management
• After the Easy VPN Server knows the VPN Client’s assigned IP
address, it must determine how to route packets through the
appropriate VPN tunnel:
- RRI creates a static route on the Easy VPN Server for each VPN
Client’s internal IP address.
- RRI must be enabled on the crypto maps supporting VPN
Clients.
• RRI need not be enabled on a crypto map applied to a GRE tunnel
that is already being used to distribute routing information.
router(config)# aaa new-model
router(config)# aaa authentication password-prompt text-string
router(config)# aaa authentication username-prompt text-string
router(config)# aaa authentication login list-name method1 [method2…]
router(config)# aaa authorization network list-name local group radius
router(config)# username name password encryption-type encrypted-password
router(config)# crypto isakmp client configuration group {group-name | default}
router(isakmp-group)# key name
router(isakmp-group)# dns primary-server secondary-server
router(isakmp-group)# wins primary-server secondary-server
router(isakmp-group)# domain name
router(isakmp-group)# pool name
router(isakmp-group)# acl number
router(config)# crypto map map-name client configuration address {initiate | respond}
router(config)# crypto map map-name isakmp authorization list list-name
router(config)# crypto map map-name client authentication list list-name
router(config)#
router(config)# crypto map map-name seq-num ipsec-isakmp
router(config-crypto-map)# set peer {hostname | ip-address}
router(config-crypto-map)# set transform-set transform-set-name [transform-set-name2…transform-set-name6]
router(config-crypto-map)# reverse-route
router(config-crypto-map)# match address [access-list-id | name]
router(config)# crypto isakmp keepalive secs retries
router(config)# radius-server host {hostname | ip-address} [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit retries] [key string] [alias {hostname | ip-address}]
router# show crypto map [interface interface | tag map-name]
Boston Sales
172.30.1.2
oem.ini
.pcf
Name of the destination folder
Identifies whether or not to restart the system after the silent installation
Tool bar
Log display