Cisco Systems IOS Router Manual De Usuario
Cisco IOS VPN Router
RADIUS configuration:
aaa new-model
aaa authentication login userauthen group radius local
aaa authorization network groupauthor local
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server timeout 120
radius-server key “your key”
aaa authentication login userauthen group radius local
aaa authorization network groupauthor local
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server timeout 120
radius-server key “your key”
VPN Policy:
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group vpngroup (“vpngroup” Must match the
group name set in the vpn client)
key password (“password” Must match password set in the vpn client)
pool vpnpool (“vpnpool” is the name of an ip pool created on the router)
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dymap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dymap
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group vpngroup (“vpngroup” Must match the
group name set in the vpn client)
key password (“password” Must match password set in the vpn client)
pool vpnpool (“vpnpool” is the name of an ip pool created on the router)
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dymap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dymap
Interface configuration:
Apply the crypto map to the appropriate interface.
interface Ethernet1/0
description connected to EthernatLAN
crypto map clientmap
crypto map clientmap
The VPN Policy is an example only. You may need to make changes to it to
fit your needs. For example the encr command could be set to encr aes
256.
fit your needs. For example the encr command could be set to encr aes
256.
6