Technical information
IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
Routed Port Mode Summary
This section summarizes the steps that are required to configure a Catalyst switch outside port as a routed port (see the “Configuring a VPN Routed Port Connection” section on page 54 for detailed information):
1. Perform the following standard Cisco IOS encryption tasks:
a. Create an IKE policy, if necessary.
b. Create a preshared key entry, if necessary.
c. Create an ACL.
d. Create a crypto map.
2. Add an inside interface VLAN to the VLAN database.
3. Create a Layer 3 inside interface VLAN, and attach a crypto map.
4. Add the inside interface VLAN as an allowed VLAN to the VPN module inside trunk port (the VPN module ports are trunk ports by default).
5. Connect the outside Catalyst routed port to the inside interface VLAN using the crypto connect vlan command.
Trunk Port Mode Summary
Caution: When you configure an Ethernet port as a trunk port, all the VLANs are allowed on the trunk port by default. This default configuration does not work well with the VPN module and causes network loops. For detailed information on configuring trunks, see the “Trunks” section in the “Interaction with Other Features” section on page 25.
This section summarizes the steps that are required to configure a Catalyst switch outside port as a trunk port (see the “Configuring a VPN Trunk Port Connection” section on page 55 for detailed information):
1. Perform the following standard Cisco IOS encryption tasks:
a. Create an IKE policy, if necessary.
b. Create a preshared key entry, if necessary.
c. Create an ACL.
d. Create a crypto map.
2. Add an inside interface VLAN and outside trunk port VLAN to the VLAN database.
3. Create a Layer 3 inside interface VLAN, and attach a crypto map.
4. Add the inside interface VLAN as an allowed VLAN to the VPN module inside trunk port (the VPN module ports are trunk ports by default).
5. Create the outside trunk port VLAN interface, and connect it to the inside interface VLAN using the crypto connect vlan command.
6. Configure a Catalyst switch outside port as a trunk port, and add the outside trunk port VLAN as an allowed VLAN to the outside port trunk.
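The trunk caution and steps 3, 4 and 6 above can be checked against a saved running configuration. The following is an added example, not code from the original note or from Cisco: the function names are hypothetical, and the sample configuration (VLAN IDs, port numbers, crypto map name) is constructed and deliberately leaves the outside trunk at its allow-all default.

```python
import re
# Constructed running-config fragment for trunk port mode; all names and IDs are invented.
SAMPLE = """\
interface Vlan502
 crypto map testtag
interface Vlan2
 crypto connect vlan 502
interface GigabitEthernet4/1
 switchport trunk allowed vlan 1,502,1002-1005
 switchport mode trunk
interface GigabitEthernet1/2
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return blocks

def expand_vlans(spec):
    """Expand a list such as '1,502,1002-1005' into a set of VLAN IDs."""
    pairs = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def audit(config):
    """Report trunks left at allow-all and crypto-connect VLANs not trunked."""
    ifaces, findings, allowed = parse_interfaces(config), [], set()
    for name, cmds in ifaces.items():
        lists = [m.group(1) for c in cmds if (m := re.fullmatch(
            r"switchport trunk allowed vlan (?:add )?([\d,-]+)", c))]
        if "switchport mode trunk" in cmds and not lists:
            findings.append(f"{name}: trunk allows all VLANs (default)")
        for spec in lists:
            allowed |= expand_vlans(spec)
    for name, cmds in ifaces.items():
        for m in filter(None, (re.fullmatch(r"crypto connect vlan (\d+)", c) for c in cmds)):
            inside = int(m.group(1))
            if not any(c.startswith("crypto map ") for c in ifaces.get(f"Vlan{inside}", [])):
                findings.append(f"Vlan{inside}: no crypto map attached")
            needed = {inside} | ({int(name[4:])} if name.startswith("Vlan") else set())
            findings += [f"VLAN {v}: not on any trunk allowed list" for v in sorted(needed - allowed)]
    return findings
```

Calling `audit(SAMPLE)` flags GigabitEthernet1/2 as an allow-all trunk and VLAN 2 as missing from every allowed list; adding an explicit allowed-VLAN list for VLAN 2 on that port clears both findings.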