BETA DRAFT REVIEW—CISCO CONFIDENTIAL
Configuring Security Features
Configuring VPN
Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide
For more information about IPSec and GRE configuration, see the “Configuring Security for VPNs with
IPSec” chapter of Cisco IOS Security Configuration Guide: Secure Connectivity, Release 12.4T at:
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/12_4t/sec_secure_connectivity_12_4t_book.html.
Configuration Examples
Each example configures a VPN over an IPSec tunnel, using the procedure given in the “Configure a
VPN over an IPSec Tunnel” section on page 8. Then, the specific procedure for a remote access
configuration is given, followed by the specific procedure for a site-to-site configuration.
The examples shown in this chapter apply only to the endpoint configuration on the Cisco 3900 series,
2900 series, and 1900 series ISRs. Any VPN connection requires both endpoints to be properly
configured in order to function. See the software configuration documentation as needed to configure
VPN for other router models.
VPN configuration information must be configured on both endpoints. You must specify parameters
such as internal IP addresses, internal subnet masks, DHCP server addresses, and Network Address
Translation (NAT).
“Configure a VPN over an IPSec Tunnel” section
“Create a Cisco Easy VPN Remote Configuration” section
“Configure a Site-to-Site GRE Tunnel” section
Configure a VPN over an IPSec Tunnel
Perform the following tasks to configure a VPN over an IPSec tunnel:
Configure the IKE Policy
Configure Group Policy Information
Apply Mode Configuration to the Crypto Map
Enable Policy Lookup
Configure IPSec Transforms and Protocols
Configure the IPSec Crypto Method and Parameters
Apply the Crypto Map to the Physical Interface
Where to Go Next