Defines the type of VPN connection that is to be established

fw1(config)# tunnel-group training type ipsec-ra

© 2005 Cisco Systems, Inc. All rights re

Step 128 To enable remote access, the tunnel group type must be named and set to remote access using the ipsec-ra command.

Step 2: Configure IKE Pre-Shared Key

1 ^^^^^^^^ c,iïuu-uijiii 1

Remote Client rtm 172.26.26.1 Outside |nside

J (Vj-,' Internet

Server

Push to Client <-1

firewall(config)#

10.0.0.15

tunnel-group name [general-attributes | ipsec-attributes]

• Enters tunnel-group ipsec-attributes submode to configure the key firewall(config-ipsec)#

pre-shared-key key

• Associates a pre-shared key with the connection policy

fw1(config)# tunnel-group training ipsec-attributes fw1(config-ipsec)# pre-shared-key cisco123

SNPA v4.0—1

2-34

Step 129 Use the pre-shared-key command to specify the IKE pre-shared key when defining group policy information for the mode configuration push. You must use this command if the Cisco VPN Client identifies itself to the router with a pre-shared key.

The syntax for the pre-shared-key command is as follows:

pre-shared-key key key

Specifies an alphanumeric key between one and 128 characters.

Step 3: Specify Local IP Address Pool

1 ^^^^^^^^ Ciscuumii 1

172.26.26.1 Outside |nside f Ajjpi|. ÄInt~rnetfc ^^^^ ^H Server

Ml Push i^j to Client firewall(config)# -'

tunnel-group name [general-attributes | ipsec-attributes]

1

• Enters tunnel-group general-attributes submode to configure the address pool firewall(config-general)#

address-pool [interface name] address pooll [...address pool6]

• Associates an address pool with the connection policy

fw1(config)# tunnel-group training general-attributes fw1(config-general)# address-pool MYPOOL

© 2005 Cisco Systems, Inc. All rights reserved SNPA v4.0—

12-35

Step 130 Use the address-pool command to refer to an IP local pool address, which defines a range of addresses that will be used to allocate an internal IP address to a VPN client.

Use the address-pool command in the general-attributes subcommand mode to define a local pool address.

The syntax for the address-pool command is as follows:

address-pool [interface name] address pool1 [...address pool6]

address_pool

Specifies the name of the address pool configured with the ip local pool command. You can specify up to six local address pools.

interface name

(Optional) Specifies the interface to be used for the address pool.

Was this article helpful?

0 0

Post a comment