Choose Enable AAA and click Yes in the resulting dialog box, shown in
Figure 4-5.
Figure 4-5 Enabling AAA on Easy VPN Server
NOTE: One of the prerequisites of remote client authentication for the VPN
service is enabling the AAA service on the target router.
Step 4. Click the Launch Easy VPN Server Wizard button and then click Next.
Step 5. Choose FastEthernet0/0. This is the VPN service termination interface.
Step 6. Click the Pre-Shared Keys radio button and then click Next to use preshared
keys as the authentication method.
Step 7. Choose the default IKE proposal and click Next.
NOTE: The default SDM IKE policy is as follows:
??? Authentication Method: Pre-Shared Key
??? Encryption: 3DES
??? Negotiation Authentication: SHA (Hash)
??? Public Key Cryptography: Dif?¬?e-Hellman Group 2
??? Security Association Lifetime: 1 hour
Con?¬?guring Easy VPN Server Using Cisco SDM 67
Step 8. Select SDM Default Transform Set > Next. Use the default encryption and
authentication algorithms in the IPsec tunnel.
Step 9. Choose the Local radio button in the Group Authorization and Group Policy
window and then click Next.
Step 10. Select Enable User Authentication in the User Authentication window and
choose the Local Only radio button.
Pages:
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72