Cisco CISCO876-SEC-I-K9 Configuration Guide - Page 83
Enable Policy Lookup, Con IPSec Transforms and Protocols
UPC - 882658021800
Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
Configure a VPN

Enable Policy Lookup

Perform these steps to enable policy lookup through AAA, beginning in global configuration mode:

Step 1
Command or Action: aaa new-model
Purpose: Enables the AAA access control model.
Example:
    Router(config)# aaa new-model
    Router(config)#

Step 2
Command or Action: aaa authentication login {default | list-name} method1 [method2...]
Purpose: Specifies AAA authentication of selected users at login, and specifies the method used. This example uses a local authentication database. You could also use a RADIUS server for this. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for details.
Example:
    Router(config)# aaa authentication login rtr-remote local
    Router(config)#

Step 3
Command or Action: aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]
Purpose: Specifies AAA authorization of all network-related service requests, including PPP, and the method used to do so. This example uses a local authorization database. You could also use a RADIUS server for this. See the Cisco IOS Security Configuration Guide and the Cisco IOS Security Command Reference for details.
Example:
    Router(config)# aaa authorization network rtr-remote local
    Router(config)#

Step 4
Command or Action: username name {nopassword | password password | password encryption-type encrypted-password}
Purpose: Establishes a username-based authentication system. This example implements a username of cisco with an encrypted password of cisco.
Example:
    Router(config)# username cisco password 0 cisco
    Router(config)#

Configure IPSec Transforms and Protocols

A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow. During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at both peers. When such a transform set is found, it is selected and applied to the protected traffic as a part of both peers' configurations.

OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-5
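The following Python check is an added example, not part of Cisco's guide: it reads a saved configuration and reports whether the commands from the four Enable Policy Lookup steps are present, whether the local method has a username to draw on, and whether a username entry is weak. The function name audit_policy_lookup and the sample text are constructed for illustration, only the command syntax shown on this page is parsed, and the check relies on the IOS convention that encryption-type 0 marks the password that follows as unencrypted.

```python
import re

# Constructed sample input: the four example commands from the steps above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login rtr-remote local
aaa authorization network rtr-remote local
username cisco password 0 cisco
"""

# Only the syntax shown on this page is handled (assumption of this example).
USER_RE = re.compile(r"username (\S+) (?:(nopassword)|password (?:(\d+) )?(\S+))")
AAA_RE = re.compile(r"aaa (authentication login|authorization network) (\S+) (.+)")

def audit_policy_lookup(config):
    """Return findings (strings) for the AAA policy-lookup commands in config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings, seen, uses_local, users = [], set(), False, 0
    if "aaa new-model" not in lines:
        findings.append("missing: aaa new-model")
    for ln in lines:
        if m := AAA_RE.fullmatch(ln):
            seen.add(m.group(1))
            # The 'local' method depends on the username database of step 4.
            uses_local |= "local" in m.group(3).split()
        elif m := USER_RE.fullmatch(ln):
            users += 1
            name, nopw, ptype, pw = m.groups()
            if nopw:
                findings.append(f"user {name}: nopassword")
            elif ptype in (None, "0"):
                # No type, or type 0: the password that follows is unencrypted.
                findings.append(f"user {name}: unencrypted (type 0) password")
                if pw == name:
                    findings.append(f"user {name}: password equals username")
    for kind in ("authentication login", "authorization network"):
        if kind not in seen:
            findings.append(f"missing: aaa {kind}")
    if uses_local and users == 0:
        findings.append("method 'local' is used but no username is defined")
    return findings

if __name__ == "__main__":
    for finding in audit_policy_lookup(SAMPLE_CONFIG):
        print(finding)
```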