Technical information

IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
WAN interface:
shut down (on reload)—No SAs are created on the VPN module (must do a no shut down first).
no shut down (first no shut down issued after a reload)—SAs are created on the VPN module.
shut down (after a no shut down)—SAs remain active on the VPN module.
Access/trunk mode ports:
shut down—SAs are never removed.
Configuration Summaries
These sections provide Ethernet configuration summaries for the three modes of operation that are
supported by the VPN module:
Access Port Mode Summary
Routed Port Mode Summary
Trunk Port Mode Summary
Note For WAN interface configuration, see the “Using WAN Interfaces” section on page 45.
Access Port Mode Summary
This section summarizes the steps that are required to configure a Catalyst switch outside port as an
access port (see the “Configuring a VPN Access Port Connection” section on page 52 for detailed
information):
1. Perform the following standard Cisco IOS encryption tasks:
a. Create an IKE policy, if necessary.
b. Create a preshared key entry, if necessary.
c. Create an ACL.
d. Create a crypto map.
2. Add an inside interface VLAN and outside access port VLAN to the VLAN database.
3. Create a Layer 3 inside interface VLAN, and attach a crypto map.
4. Create an outside interface VLAN for the outside access port VLAN.
5. Add the inside interface VLAN as an allowed VLAN to the VPN module inside trunk port (the VPN
module ports are trunk ports by default).
6. Add a Catalyst switch outside port to the outside access port VLAN, and connect the outside access
port VLAN to the inside interface VLAN using the crypto connect vlan command.
Note You can do the crypto connection from the port or from the port VLAN interface, but the crypto connect
vlan command will always appear in the configuration of the port VLAN.
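The six steps above, written out as one Cisco IOS configuration. This is an added example, not taken from the original document: the VLAN IDs (2 inside, 3 outside), addresses, ACL number, policy values, the names TS-EXAMPLE and CM-EXAMPLE, and the slot/port numbers are all assumptions, and the preshared key is a placeholder. The crypto connection is made from the port VLAN interface, which is where the note above says the command appears in the configuration.

```cisco
! Constructed example: all IDs, names, addresses and slot/port numbers are assumed.
! Step 1a-1b: IKE policy and preshared key (placeholder key)
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <PRESHARED-KEY> address 192.0.2.2
! Step 1c: ACL that selects the traffic to protect
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
! Step 1d: transform set and crypto map
crypto ipsec transform-set TS-EXAMPLE esp-3des esp-sha-hmac
crypto map CM-EXAMPLE 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-EXAMPLE
 match address 101
! Step 2: add the inside (2) and outside (3) VLANs to the VLAN database
vlan 2
vlan 3
! Step 3: Layer 3 inside interface VLAN with the crypto map attached
interface Vlan2
 ip address 192.0.2.1 255.255.255.0
 crypto map CM-EXAMPLE
 no shutdown
! Step 4: outside interface VLAN, no IP address of its own
interface Vlan3
 no ip address
 no shutdown
! Step 5: allow the inside VLAN on the VPN module inside trunk port
!         (Gi4/1 is assumed to be that port)
interface GigabitEthernet4/1
 switchport trunk allowed vlan add 2
! Step 6: put the outside switch port in the outside VLAN ...
interface GigabitEthernet1/2
 switchport
 switchport access vlan 3
 switchport mode access
 no shutdown
! ... and connect the outside VLAN to the inside VLAN through the VPN module
interface Vlan3
 crypto connect vlan 2
```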