Example 225 Defining the Isakmp Policy

NewYork#configure terminal NewYork(config)#crypto isakmp enable NewYork(config)#crypto isakmp policy 10 NewYork(config-isakmp)#authentication pre-share

NewYork(config-isakmp)#encryption 3 des NewYork(config-isakmp)#group 2 NewYork(config-isakmp)#exit

Define a Group Policy for a Mode Configuration Push

The mode configuration push is the policy configuration pushed out to the remote users when they connect to the Easy VPN Server. To configure this group policy, follow these steps: Step 1.

Create the group being defined. Step 2.

Configure the preshared key. This is the password that the user enters when using the VPN client software.

Step 3.

Designate the DNS servers-that is, designate the DNS servers to be used via the VPN connection. Step 4.

Define the DNS domain, which identifies the fully qualified domain name (FQDN) for the network the Easy VPN Server is allowing authorized protected access to.

Step 5.

Define the WINS serversthat is, designate the WINS servers to be used via the VPN connection. Step 6.

Define the local IP address pool, which identifies the IP address scope assigned to VPN clients.

The commands required for each step of this configuration are as follows:

crypto isakmp client configuration group {group-name | default}

0 0

Post a comment