Configuring Vpn Client Access - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Allowing a VPN Management Connection
You can refer to up to set transform sets for the tunnel, and the sets are checked in order until the
transforms match.
The authentication and encryption algorithms of this transform typically match the IKE policy
(isakmp policy commands). For site-to-site tunnels, this transform must match the peer transform.
Authentication options include the following (from most secure to least secure):
esp-sha-hmac
esp-md5-hmac
Encryption options include the following (from most secure to least secure):
esp-aes-256
esp-aes-192
esp-aes
esp-3des
esp-des
Note: esp-null (no encryption) is for testing purposes only.
For example, to configure the IKE policy and the IPSec transform sets, enter the following commands:
hostname(config)# isakmp policy 1 authentication pre-share
hostname(config)# isakmp policy 1 encryption 3des
hostname(config)# isakmp policy 1 group 2
hostname(config)# isakmp policy 1 hash sha
hostname(config)# isakmp enable outside
hostname(config)# crypto ipsec transform-set vpn_client esp-3des esp-sha-hmac
hostname(config)# crypto ipsec transform-set site_to_site esp-3des ah-sha-hmac

Configuring VPN Client Access

In routed mode, a host with Version 3.0 or 4.0 of the Cisco VPN client can connect to the FWSM for
management purposes over a public network, such as the Internet.
Transparent firewall mode does not support remote clients. Transparent mode does support site-to-site
tunnels.
To allow remote clients to connect to the FWSM for management access, first configure basic VPN
settings (see "Configuring Basic Settings for All Tunnels"), and then perform the following steps:
Step 1
To specify the transform sets (defined in the "Configuring Basic Settings for All Tunnels" section on
page 23-5) allowed for client tunnels, enter the following command:
hostname(config)# crypto dynamic-map dynamic_map_name priority set transform-set transform_set1 [transform_set2] [...]
List multiple transform sets in order of priority (highest priority first).
This dynamic crypto map allows unknown IP addresses to connect to the FWSM.
The dynamic-map name is used in Step 2.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
23-6
Chapter 23
Configuring Management Access
OL-20748-01
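
An added example, not part of the Cisco guide: a small Python audit that reads transform-set and dynamic-map lines in the syntax shown above and reports transforms from the bottom of the page's strength lists, references to undefined transform sets, and dynamic maps whose sets are not listed strongest first. The WEAK policy, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Orderings copied from the page's "most secure to least secure" lists.
ENC = ["esp-aes-256", "esp-aes-192", "esp-aes", "esp-3des", "esp-des", "esp-null"]
AUTH = ["esp-sha-hmac", "esp-md5-hmac"]
# Assumption (audit policy, not stated by the guide): the last entries are flagged.
WEAK = {"esp-des", "esp-null", "esp-md5-hmac"}

def parse(config):
    """Return ({set_name: [transforms]}, {dynamic_map_name: [set_names]})."""
    sets, maps = {}, {}
    for line in config.splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", line.strip())  # drop CLI prompt
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m:
            sets[m.group(1)] = m.group(2).split()
            continue
        m = re.match(r"crypto dynamic-map (\S+) \d+ set transform-set (.+)", line)
        if m:
            maps.setdefault(m.group(1), []).extend(m.group(2).split())
    return sets, maps

def rank(transforms):
    """Sort key, lower is stronger; transforms not on the page's lists rank last."""
    enc = min([ENC.index(t) for t in transforms if t in ENC], default=len(ENC))
    auth = min([AUTH.index(t) for t in transforms if t in AUTH], default=len(AUTH))
    return enc, auth

def audit(config):
    """Return a list of human-readable findings for one configuration text."""
    sets, maps = parse(config)
    findings = [f"transform-set {name}: weak transform {t}"
                for name, ts in sets.items() for t in ts if t in WEAK]
    for mname, names in maps.items():
        findings += [f"dynamic-map {mname}: undefined transform-set {n}"
                     for n in names if n not in sets]
        ranks = [rank(sets[n]) for n in names if n in sets]
        if ranks != sorted(ranks):  # the FWSM checks sets in the order listed
            findings.append(f"dynamic-map {mname}: sets not listed strongest first")
    return findings

# Constructed sample input (not from the guide).
SAMPLE = """\
hostname(config)# crypto ipsec transform-set strong esp-aes-256 esp-sha-hmac
hostname(config)# crypto ipsec transform-set legacy esp-des esp-md5-hmac
hostname(config)# crypto dynamic-map vpn_clients 1 set transform-set legacy strong undefined_set
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The audit assumes dynamic-map lines appear in priority order and only inspects the ESP transforms named on this page.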
