Technical information
43
IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
The following is a configuration example of the router-side configuration:
!
version 12.2
!
hostname herckt
!
boot system flash:c6sup22-jk2sv-mz
logging snmp-authfail
logging buffered 1000000 debugging
aaa new-model
aaa authentication login default local
aaa authorization network mylist local
!
username unity password 0 uc
ip subnet-zero
no ip source-route
!
mpls ldp logging neighbor-changes
mls flow ip destination
mls flow ipx destination
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 12345 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 2
!
crypto isakmp client configuration group group1
key 12345
domain cisco.com
pool pool1
!
crypto isakmp client configuration group default
key 12345
domain cisco.com
pool pool2
!
crypto ipsec transform-set myset3 esp-3des esp-md5-hmac
!
crypto dynamic-map test_dyn 1
set transform-set myset3
reverse-route
!
! Static client mapping
crypto map testtag client authentication list ash
crypto map testtag isakmp authorization list groupauthor
crypto map testtag client configuration address respond
crypto map testtag 10 ipsec-isakmp
set peer 10.5.1.4
set security-association lifetime seconds 900
set transform-set myset3
match address 109
!
! Dynamic client mapping
crypto map test_dyn client authentication list ash
crypto map test_dyn isakmp authorization list groupauthor
crypto map test_dyn client configuration address respond
crypto map test_dyn 1 ipsec-isakmp dynamic test_dyn
!
!
no spanning-tree vlan 513
!