Cisco Systems C819GUK9 Router User Manual


 
9-7
Cisco 819 Series Integrated Services Routers Software Configuration Guide
OL-23590-02
Chapter 9 Configuring Security Features
Configuring VPN
Configuration Examples
Each example configures a VPN over an IPSec tunnel, using the procedure given in the “Configure a
VPN over an IPSec Tunnel” section on page 9-7. Then, the specific procedure for a remote access
configuration is given, followed by the specific procedure for a site-to-site configuration.
The examples shown in this chapter apply only to the endpoint configuration on the Cisco 819 ISRs. Any
VPN connection requires both endpoints to be configured properly to function. See the software
configuration documentation as needed to configure VPN for other router models.
VPN parameters must be configured on both endpoints. You must specify parameters such as internal
IP addresses, internal subnet masks, DHCP server addresses, and Network Address
Translation (NAT).
Configure a VPN over an IPSec Tunnel
Perform the following tasks to configure a VPN over an IPSec tunnel:
Configure the IKE Policy, page 9-7
Configure Group Policy Information, page 9-9
Apply Mode Configuration to the Crypto Map, page 9-10
Enable Policy Lookup, page 9-11
Configure IPSec Transforms and Protocols, page 9-12
Configure the IPSec Crypto Method and Parameters, page 9-12
Apply the Crypto Map to the Physical Interface, page 9-14
Where to Go Next, page 9-14
Configure the IKE Policy
To configure the Internet Key Exchange (IKE) policy, perform these steps, beginning in global
configuration mode:
SUMMARY STEPS
1. crypto isakmp policy priority
2. encryption {des | 3des | aes | aes 192 | aes 256}
3. hash {md5 | sha}
4. authentication {rsa-sig | rsa-encr | pre-share}
5. group {1 | 2 | 5}
6. lifetime seconds
7. exit
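The following Python check is an added example, not part of the Cisco guide: it reads crypto isakmp policy blocks as they appear in a saved configuration (subcommands indented by a space) and flags weak or unset values among the options listed in the summary steps. Which options count as weak is this example's own assessment, and the sample configuration is constructed.

```python
import re

# Editorial judgement of which listed options are weak today (not from the manual).
WEAK = {"encryption des": "56-bit key", "encryption 3des": "64-bit block cipher",
        "hash md5": "collision-broken hash", "group 1": "768-bit DH", "group 2": "1024-bit DH"}
REQUIRED = ("encryption", "hash", "authentication", "group", "lifetime")

def parse_isakmp_policies(config):
    """Return {priority: {subcommand: value}} per 'crypto isakmp policy' block."""
    policies, current = {}, None
    for raw in config.splitlines():
        header = re.fullmatch(r"crypto isakmp policy (\d+)\s*", raw)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and raw[:1].isspace() and raw.strip():
            keyword, *value = raw.split()
            if keyword in REQUIRED:
                current[keyword] = " ".join(value)
        else:
            current = None  # an unindented or blank line ends the block
    return policies

def audit(policies):
    """Return (priority, finding) tuples for weak or unset IKE parameters."""
    findings = []
    for prio, params in sorted(policies.items()):
        for key in REQUIRED:
            setting = f"{key} {params[key]}" if key in params else None
            if setting is None:
                findings.append((prio, f"{key} not set, platform default applies"))
            elif setting in WEAK:
                findings.append((prio, f"{setting}: {WEAK[setting]}"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp policy 10
 encryption aes 256
 hash sha
 group 5
"""

if __name__ == "__main__":
    for prio, finding in audit(parse_isakmp_policies(SAMPLE)):
        print(f"policy {prio}: {finding}")
```

A parameter reported as not set is worth checking against the device's defaults, because a saved configuration may omit subcommands that match them.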