Cisco Systems OL-6426-02 Benutzerhandbuch

B E TA D R A F T - C I S C O C O N F I D E N T I A L

7-4

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

OL-6426-02

Chapter 7 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation

Configure a VPN

Configure Group Policy Information

Perform these steps to configure the group policy, beginning in global configuration mode:

Step 5

group {1 | 2 | 5}

Example:

Router(config-isakmp)# group 2

Router(config-isakmp)#

Specifies the Diffie-Hellman group to be used in
the IKE policy.

Step 6

lifetime seconds

Example:

Router(config-isakmp)# lifetime 480

Router(config-isakmp)#

Specifies the lifetime, 60–86400 seconds, for an
IKE security association (SA).

Step 7

exit

Example:

Router(config-isakmp)# exit

Router(config)#

Exits IKE policy configuration mode, and enters
global configuration mode.

Command or Action

Purpose

Command or Action

Purpose

Step 1

crypto isakmp client configuration group
{group-name | default}

Example:

Router(config)# crypto isakmp client

configuration group rtr-remote

Router(config-isakmp-group)#

Creates an IKE policy group that contains
attributes to be downloaded to the remote client.

Also enters Internet Security Association Key
Management Protocol (ISAKMP) policy
configuration mode.

Step 2

key name

Example:

Router(config-isakmp-group)# key

secret-password

Router(config-isakmp-group)#

Specifies the IKE pre-shared key for the group
policy.

Step 3

dns primary-server

Example:

Router(config-isakmp-group)# dns 10.50.10.1

Router(config-isakmp-group)#

Specifies the primary Domain Name Service
(DNS) server for the group.

Note

You may also want to specify Windows
Internet Naming Service (WINS) servers
for the group by using the wins command.