Configuration manual

VPN configuration 49

Configuration — Command Line Interface

Configuring client termination

Complete this procedure to configure client termination.

Procedure steps

Step Action

1 Enter global configuration mode:

configure terminal

2 Create a policy map and enter crypto configuration mode

crypto map <policy-name>

3 Set the mode for the cryptographic key

crypto key mode ravpn-preshared-key

4 Set the cryptographic IPsec mode

crypto ipsec mode tunnel

5 Set the identity of the other end of the connection. The local type and value must

match the "VPN remote identity" values set in ‘Configuring remote identity’:

isakmp peer identity <id-type> <id-value>

6 Set the identity of the BSG of the connection

isakmp local identity ipv4 <IP-addr-of-BSG>

7 Set the IKE phase 1 values

isakmp policy encryption aes-192 hash sha1 dh group5 exch

aggressive lifetime <lifetime-units> <lifetime-value>

8 Set the IKE phase 2 values

crypto map ipsec encryption esp aes-192 authentication esp

sha1 pfs group5 lifetime <lifetime-units> <lifetime-value>

9 Configure the sources and destinations to which this policy applies

access-list apply any source <source-IP>

<source-subnet-mask> destination <dest-IP>

<dest-subnet-mask>

10 Exit crpto configuration mode:

exit

The system is now in global configuration mode.

11 Enter interface configuration mode on the WAN interface:

interface <WAN-interface-type> <WAN-interface-id>

12 Assign the cryptographic policy to the WAN interface:

crypto map <policy-name>

13 Exit from all configuration modes:

end

End