VPN client users can be defined locally in the router or on an AAA server. There are separate lists for authentication and authorization of VPN users.

Edmonton(config)#aaa authentication login default local
    Verifies login authentication for the "default" group using the local user database

Edmonton(config)#aaa authentication login VPNAUTH local
    Verifies login authentication for the VPNAUTH group using the local user database

Edmonton(config)#aaa authorization exec default local
    Verifies EXEC authorization for the "default" group using the local user database

Edmonton(config)#aaa authorization network VPNAUTHOR local
    Verifies network access authorization for the VPNAUTHOR group using the local user database
Configuring a Teleworker to Branch Office VPN Using CLI

Edmonton(config)#username user1 secret password1
    Creates user for VPN authentication

Edmonton(config)#username user2 secret password2
    Creates user for VPN authentication

Step 5: Create VPN Client Policy for Security Association Negotiation

Edmonton(config)#crypto dynamic-map DYNMAP 1
    Creates a dynamic crypto map

Edmonton(config-crypto-map)#set transform-set TRANSFORM-1
    Defines the transform set the client must match to

Edmonton(config-crypto-map)#reverse-route
    Has the router add a return route for the VPN client in the routing table

Edmonton(config-crypto-map)#exit
    Exits config-crypto-map mode

Step 6: Configure the Crypto Map (IKE Phase 2)

Edmonton(config)#crypto map CRYPTOMAP client authentication list VPNAUTH
    Configures IKE extended authentication (Xauth) for the VPN group VPNAUTH

Edmonton(config)#crypto map CRYPTOMAP isakmp authorization list VPNAUTHOR
    Configures IKE key lookup from an AAA server for the VPN group VPNAUTHOR

Edmonton(config)#crypto map CRYPTOMAP client configuration address respond
    Enables the router to accept IP address requests from any peer

Edmonton(config)#crypto map CRYPTOMAP 65535 ipsec-isakmp dynamic DYNMAP
    Uses IKE to establish IPsec SAs as specified by crypto map DYNMAP
Step 7: Apply the Crypto Map to the Interface

Edmonton(config)#interface ethernet 2/0
    Enters interface configuration mode

Edmonton(config-if)#crypto map CRYPTOMAP
    Applies the crypto map CRYPTOMAP

Edmonton(config-if)#end
    Exits to privileged mode

Step 8: Verify the VPN Service

Edmonton#show crypto ipsec sa
    Displays the settings used by current security associations (SA)

Edmonton#show crypto isakmp sa
    Displays current IKE SAs

Edmonton#show crypto session
    Displays status information for active crypto sessions

Edmonton#show crypto dynamic-map
    Displays a dynamic crypto map set

Edmonton#show crypto map
    Displays the crypto map configuration

NOTE: Before issuing a debug command, you should read the information for that command in the Cisco IOS Debug Command Reference for your IOS version to determine the impact on the device.
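The AAA list names, the dynamic map name and the crypto map name in the steps above must match exactly wherever they are referenced. The following is an added example, not part of the original guide: a Python check that reads a running-config excerpt and reports references that point at nothing. The sample config is constructed from this page's commands, and the function name audit_vpn_config is hypothetical.

```python
import re

# Constructed sample: this page's commands laid out as a running-config excerpt.
# Assumption: interface sub-commands are indented, as IOS prints them.
SAMPLE_CONFIG = """\
aaa authentication login VPNAUTH local
aaa authorization network VPNAUTHOR local
username user1 secret password1
crypto dynamic-map DYNMAP 1
 set transform-set TRANSFORM-1
 reverse-route
crypto map CRYPTOMAP client authentication list VPNAUTH
crypto map CRYPTOMAP isakmp authorization list VPNAUTHOR
crypto map CRYPTOMAP client configuration address respond
crypto map CRYPTOMAP 65535 ipsec-isakmp dynamic DYNMAP
interface ethernet 2/0
 crypto map CRYPTOMAP
"""

def audit_vpn_config(config):
    """Return findings for names that are referenced but never defined."""
    lines = config.splitlines()

    def grab(pattern):
        # Captured groups of every config line that matches the pattern.
        return [m.groups() for ln in lines if (m := re.match(pattern, ln))]

    authn = dict(grab(r"aaa authentication login (\S+) (.+)"))
    authz = {g[0] for g in grab(r"aaa authorization network (\S+) ")}
    dynmaps = {g[0] for g in grab(r"crypto dynamic-map (\S+) \d+")}
    applied = {g[0] for g in grab(r"\s+crypto map (\S+)\s*$")}
    users = grab(r"username (\S+) ")
    findings, maps = [], set()
    for cmap, lst in grab(r"crypto map (\S+) client authentication list (\S+)"):
        maps.add(cmap)
        if lst not in authn:
            findings.append(f"{cmap}: Xauth list {lst} is not defined")
        elif "local" in authn[lst].split() and not users:
            findings.append(f"{cmap}: list {lst} is local but no username exists")
    for cmap, lst in grab(r"crypto map (\S+) isakmp authorization list (\S+)"):
        maps.add(cmap)
        if lst not in authz:
            findings.append(f"{cmap}: authorization list {lst} is not defined")
    for cmap, dyn in grab(r"crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)"):
        maps.add(cmap)
        if dyn not in dynmaps:
            findings.append(f"{cmap}: dynamic map {dyn} is not defined")
    for cmap in sorted(maps - applied):
        findings.append(f"{cmap}: crypto map is not applied to any interface")
    return findings
```

An empty list means every cross-reference resolves; confirm the live state afterwards with the show commands from Step 8.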