Cisco CISCO876-SEC-I-K9 Configuration Guide - Page 80
Con a VPN
UPC - 882658021800
View all Cisco CISCO876-SEC-I-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 80 highlights
Configure a VPN Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation GRE Tunnels GRE tunnels are typically used to establish a VPN between the Cisco router and a remote device that controls access to a private network, such as a corporate network. Traffic forwarded through the GRE tunnel is encapsulated and routed out onto the physical interface of the router. When a GRE interface is used, the Cisco router and the router that controls access to the corporate network can support dynamic IP routing protocols to exchange routing updates over the tunnel, and to enable IP multicast traffic. Supported IP routing protocols include Enhanced Interior Gateway Routing Protocol (EIGRP), Routing Information Protocol (RIP), Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP). Note When IP Security (IPSec) is used with GRE, the access list for encrypting traffic does not list the desired end network and applications, but instead refers to the permitted source and destination of the GRE tunnel in the outbound direction. All packets forwarded to the GRE tunnel are encrypted if no further access control lists (ACLs) are applied to the tunnel interface. VPNs VPN configuration information must be configured on both endpoints; for example, on your Cisco router and at the remote user, or on your Cisco router and on another router. You must specify parameters, such as internal IP addresses, internal subnet masks, DHCP server addresses, and Network Address Translation (NAT). Configuration Tasks Perform the following tasks to configure this network scenario: • Configure a VPN • Configure a GRE Tunnel A configuration example showing the results of these configuration tasks is provided in the "Configuration Example" section on page 7-9. Note The procedures in this chapter assume that you have already configured basic router features as well as PPPoE or PPPoA with NAT, DCHP, and VLANs. If you have not performed these configurations tasks, see Chapter 1, "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," Chapter 4, "Configuring PPP over ATM with NAT," and Chapter 5, "Configuring a LAN with DHCP and VLANs," as appropriate for your router. Configure a VPN Perform the following tasks to configure a VPN over an IPSec tunnel: • Configure the IKE Policy • Configure Group Policy Information • Enable Policy Lookup • Configure IPSec Transforms and Protocols • Configure the IPSec Crypto Method and Parameters • Apply the Crypto Map to the Physical Interface Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-2 OL-5332-01