Configuration Guide
Page 4
Contents Configuring Enhanced IGRP 14 Configuration Example 15 Verifying Your Configuration 15 2 P A R T Configuring Your Router for Ethernet and DSL Access 2 C H A P T E R Sample Network Deployments 1 3 C H A P T E R Configuring PPP over Ethernet with NAT 1 Configure ... Example 4 Verify Your DHCP Configuration 4 Configure VLANs 5 Assign a Switch Port to a VLAN 6 Verify Your VLAN Configuration 6 6 C H A P T E R Configuring a VPN Using Easy VPN and an IPSec Tunnel 1 Configure the IKE Policy 4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4 OL-5332-01
Contents Configuring Enhanced IGRP 14 Configuration Example 15 Verifying Your Configuration 15 2 P A R T Configuring Your Router for Ethernet and DSL Access 2 C H A P T E R Sample Network Deployments 1 3 C H A P T E R Configuring PPP over Ethernet with NAT 1 Configure ... Example 4 Verify Your DHCP Configuration 4 Configure VLANs 5 Assign a Switch Port to a VLAN 6 Verify Your VLAN Configuration 6 6 C H A P T E R Configuring a VPN Using Easy VPN and an IPSec Tunnel 1 Configure the IKE Policy 4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4 OL-5332-01
Configuration Guide
Page 5
...Parameters 8 Apply the Crypto Map to the Physical Interface 9 Create an Easy VPN Remote Configuration 10 Verifying Your Easy VPN Configuration 11 Configuration Example 11 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation 1 Configure a VPN 2 Configure the IKE Policy 3 Configure Group Policy Information 4 Enable Policy ... Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5
...Parameters 8 Apply the Crypto Map to the Physical Interface 9 Create an Easy VPN Remote Configuration 10 Verifying Your Easy VPN Configuration 11 Configuration Example 11 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation 1 Configure a VPN 2 Configure the IKE Policy 3 Configure Group Policy Information 4 Enable Policy ... Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5
Configuration Guide
Page 6
... 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 Backup Interfaces 2 Configuring Backup Interfaces 2 Floating Static... 17 Configure ISDN Settings 17 Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM Troubleshooting Commands 2 ping atm interface...
... 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 Backup Interfaces 2 Configuring Backup Interfaces 2 Floating Static... 17 Configure ISDN Settings 17 Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM Troubleshooting Commands 2 ping atm interface...
Configuration Guide
Page 11
... a Service Request Audience This guide is intended for using the Cisco command-line interface (CLI) to configure features of experience. You can use the Cisco Router and ...Cisco Router Web Setup tool, and you to configure LAN and WAN interfaces, routing, Network Address Translation (NAT), firewalls, VPNs, and other SDM documentation, go to having no or little experience in the following Cisco 800 series routers: • Cisco 850 Series Routers - Cisco 851 Ethernet Access Router - Cisco 857 DSL Access Router • Cisco 870 Series Routers - Cisco 871 Ethernet Access Router...
... a Service Request Audience This guide is intended for using the Cisco command-line interface (CLI) to configure features of experience. You can use the Cisco Router and ...Cisco Router Web Setup tool, and you to configure LAN and WAN interfaces, routing, Network Address Translation (NAT), firewalls, VPNs, and other SDM documentation, go to having no or little experience in the following Cisco 800 series routers: • Cisco 850 Series Routers - Cisco 851 Ethernet Access Router - Cisco 857 DSL Access Router • Cisco 870 Series Routers - Cisco 871 Ethernet Access Router...
Configuration Guide
Page 12
...; Chapter 5, "Configuring a LAN with DHCP and VLANs"-Provides instructions on how to configure your Cisco router for Part 3. • Chapter 12, "Configuring Security Features"-Explains basic configuration of Cisco IOS security features, including firewall and VPN configuration. • Chapter 13, "Configuring Dial Backup and Remote Management"-Provides instructions on identifying and solving problems with...
...; Chapter 5, "Configuring a LAN with DHCP and VLANs"-Provides instructions on how to configure your Cisco router for Part 3. • Chapter 12, "Configuring Security Features"-Explains basic configuration of Cisco IOS security features, including firewall and VPN configuration. • Chapter 13, "Configuring Dial Backup and Remote Management"-Provides instructions on identifying and solving problems with...
Configuration Guide
Page 35
... models on the previous scenario by -step procedure that is compatible with DHCP and VLANs" • Chapter 6, "Configuring a VPN Using Easy VPN and an IPSec Tunnel" OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-1 Each scenario is described with a network topology, a step-by configuring another key feature. The...
... models on the previous scenario by -step procedure that is compatible with DHCP and VLANs" • Chapter 6, "Configuring a VPN Using Easy VPN and an IPSec Tunnel" OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-1 Each scenario is described with a network topology, a step-by configuring another key feature. The...
Configuration Guide
Page 36
Chapter 2 Sample Network Deployments • Chapter 7, "Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation" • Chapter 8, "Configuring a Simple Firewall" Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-2 OL-5332-01
Chapter 2 Sample Network Deployments • Chapter 7, "Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation" • Chapter 8, "Configuring a Simple Firewall" Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-2 OL-5332-01
Configuration Guide
Page 67
...not apply to corporate offices, for example. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-1 CH A P T E R 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel The Cisco 870 series routers support the creation of authentication and which encrypt the data ...between the remote client and the corporate network. Cisco 850 series routers do not support Cisco Easy VPN. Remote access VPNs are supported-site-to a corporate network. The example in to -site and remote access. Note The...
...not apply to corporate offices, for example. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-1 CH A P T E R 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel The Cisco 870 series routers support the creation of authentication and which encrypt the data ...between the remote client and the corporate network. Cisco 850 series routers do not support Cisco Easy VPN. Remote access VPNs are supported-site-to a corporate network. The example in to -site and remote access. Note The...
Configuration Guide
Page 68
... Client protocol. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-2 OL-5332-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Figure 6-1 Remote Access VPN Using IPSec Tunnel 5 3 4 2 Internet 6 121782 1 1 Remote, networked users 2 VPN client-Cisco 870 series access router 3 Router-Providing the corporate office network access 4 VPN server-Easy VPN server; for example, a Cisco VPN 3000 concentrator...
... Client protocol. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-2 OL-5332-01 Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Figure 6-1 Remote Access VPN Using IPSec Tunnel 5 3 4 2 Internet 6 121782 1 1 Remote, networked users 2 VPN client-Cisco 870 series access router 3 Router-Providing the corporate office network access 4 VPN server-Easy VPN server; for example, a Cisco VPN 3000 concentrator...
Configuration Guide
Page 69
... PPPoA with DHCP and VLANs" as needed to configure your router. Any VPN connection requires both the client and the server. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Note The Cisco Easy VPN client feature supports configuration of these configurations tasks, see Chapter 1, "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," Chapter...
... PPPoA with DHCP and VLANs" as needed to configure your router. Any VPN connection requires both the client and the server. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Note The Cisco Easy VPN client feature supports configuration of these configurations tasks, see Chapter 1, "Basic Router Configuration," Chapter 3, "Configuring PPP over Ethernet with NAT," Chapter...
Configuration Guide
Page 70
... {rsa-sig | rsa-encr | pre-share} Example: Router(config-isakmp)# authentication pre-share Router(config-isakmp)# Specifies the authentication method used in the IKE policy. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-4 OL-5332-01 The example specifies the...-1). Step 6 lifetime seconds Example: Router(config-isakmp)# lifetime 480 Router(config-isakmp)# Specifies the lifetime, 60-86400 seconds, for an IKE security association (SA). Configure the IKE Policy Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure the IKE...
... {rsa-sig | rsa-encr | pre-share} Example: Router(config-isakmp)# authentication pre-share Router(config-isakmp)# Specifies the authentication method used in the IKE policy. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-4 OL-5332-01 The example specifies the...-1). Step 6 lifetime seconds Example: Router(config-isakmp)# lifetime 480 Router(config-isakmp)# Specifies the lifetime, 60-86400 seconds, for an IKE security association (SA). Configure the IKE Policy Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure the IKE...
Configuration Guide
Page 71
... set, see the Cisco IOS Dial Technologies Command Reference. For details about this command and additional parameters that can be downloaded to specify Windows Internet Naming Service (WINS) servers for the group. Example: Router(config-isakmp-group)# domain company.com Router(config-isakmp-group)# Step 5 exit Example: Router(config-isakmp-group)# exit Router(config)# Exits IKE...
... set, see the Cisco IOS Dial Technologies Command Reference. For details about this command and additional parameters that can be downloaded to specify Windows Internet Naming Service (WINS) servers for the group. Example: Router(config-isakmp-group)# domain company.com Router(config-isakmp-group)# Step 5 exit Example: Router(config-isakmp-group)# exit Router(config)# Exits IKE...
Configuration Guide
Page 72
... Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-6 OL-5332-01 Example: Router(config)# aaa new-model Router(config)# Step 2 aaa authentication login {default | list-name} method1 [method2...] Example: Router(config)# aaa authentication login rtr-remote local Router(config... [initiate | respond] Configures the router to reply to mode configuration requests from an authentication, authorization, and accounting (AAA) server. Apply Mode Configuration to the Crypto Map Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Apply Mode Configuration...
... Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-6 OL-5332-01 Example: Router(config)# aaa new-model Router(config)# Step 2 aaa authentication login {default | list-name} method1 [method2...] Example: Router(config)# aaa authentication login rtr-remote local Router(config... [initiate | respond] Configures the router to reply to mode configuration requests from an authentication, authorization, and accounting (AAA) server. Apply Mode Configuration to the Crypto Map Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Apply Mode Configuration...
Configuration Guide
Page 73
... Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-7 This example implements a username of Cisco with an encrypted password of authorization. username name {nopassword | password password | password encryption-type encrypted-password} Example: Router(config)# username Cisco password 0 Cisco Router(...IKE negotiation, the peers agree to the protected traffic as a part of both peers. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure IPSec Transforms and Protocols Step 3 Step 4 Command or Action Purpose aaa authorization ...
... Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-7 This example implements a username of Cisco with an encrypted password of authorization. username name {nopassword | password password | password encryption-type encrypted-password} Example: Router(config)# username Cisco password 0 Cisco Router(...IKE negotiation, the peers agree to the protected traffic as a part of both peers. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure IPSec Transforms and Protocols Step 3 Step 4 Command or Action Purpose aaa authorization ...
Configuration Guide
Page 74
Configure the IPSec Crypto Method and Parameters Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Perform these steps to specify the IPSec transform set and protocols, beginning in global configuration mode: Step 1 ...peer, and both sides must specify the same transform set vpn1 Router(config-crypto-map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-8 OL-5332-01 Example: Router(config)# crypto dynamic-map dynmap 1 Router(config-crypto-map)# See the Cisco IOS Security Command Reference for detail about this command. Example...
Configure the IPSec Crypto Method and Parameters Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Perform these steps to specify the IPSec transform set and protocols, beginning in global configuration mode: Step 1 ...peer, and both sides must specify the same transform set vpn1 Router(config-crypto-map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-8 OL-5332-01 Example: Router(config)# crypto dynamic-map dynmap 1 Router(config-crypto-map)# See the Cisco IOS Security Command Reference for detail about this command. Example...
Configuration Guide
Page 75
...isakmp] Creates a crypto map profile. [dynamic dynamic-map-name] [discover] [profile profile-name] Example: Router(config)# crypto map static-map 1 ipsec-isakmp dynamic dynmap Router(config)# Apply the Crypto Map to the Physical Interface The crypto maps must be applied to which IP Security... mode for details. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Apply the Crypto Map to global configuration mode. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-9 See the Cisco IOS Security Command Reference for the interface to...
...isakmp] Creates a crypto map profile. [dynamic dynamic-map-name] [discover] [profile profile-name] Example: Router(config)# crypto map static-map 1 ipsec-isakmp dynamic dynmap Router(config)# Apply the Crypto Map to the Physical Interface The crypto maps must be applied to which IP Security... mode for details. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Apply the Crypto Map to global configuration mode. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-9 See the Cisco IOS Security Command Reference for the interface to...
Configuration Guide
Page 76
... IP address or hostname for hostname resolution. Specifies the VPN mode of operation. 6-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Create an Easy VPN Remote Configuration The router acting as the IPSec remote router must create an Easy VPN remote configuration and assign it to create the remote configuration...
... IP address or hostname for hostname resolution. Specifies the VPN mode of operation. 6-10 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 Create an Easy VPN Remote Configuration The router acting as the IPSec remote router must create an Easy VPN remote configuration and assign it to create the remote configuration...
Configuration Guide
Page 77
...) and access list configuration needed for the interface to which you want the Cisco Easy VPN remote configuration applied. Step 8 exit Returns to global configuration mode. aaa new-model ! Example: Router(config-crypto-ezvpn)# exit Router(config)# Verifying Your Easy VPN Configuration Router# show crypto ipsec client ezvpn Tunnel name :ezvpnclient Inside interface list:vlan 1 Outside...
...) and access list configuration needed for the interface to which you want the Cisco Easy VPN remote configuration applied. Step 8 exit Returns to global configuration mode. aaa new-model ! Example: Router(config-crypto-ezvpn)# exit Router(config)# Verifying Your Easy VPN Configuration Router# show crypto ipsec client ezvpn Tunnel name :ezvpnclient Inside interface list:vlan 1 Outside...
Configuration Guide
Page 78
... static-map ! crypto isakmp policy 1 encryption 3des authentication pre-share group 2 lifetime 480 ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 crypto isakmp client configuration group rtr-remote key secret-password dns 10.50.10.1 10.60...
... static-map ! crypto isakmp policy 1 encryption 3des authentication pre-share group 2 lifetime 480 ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 crypto isakmp client configuration group rtr-remote key secret-password dns 10.50.10.1 10.60...
Configuration Guide
Page 79
... the corporate network, with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-1 Two types of 10.1.1.1 8 Corporate office network 9 IPSec tunnel with inside interface for NAT) 3 VPN client-Cisco 850 or Cisco 870 series access router 4 Fast Ethernet or ATM interface...-With address 200.1.1.1 (also the outside interface address of 210.110.101.1 6 VPN client-Another router, which encrypt the data between the branch office...
... the corporate network, with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-1 Two types of 10.1.1.1 8 Corporate office network 9 IPSec tunnel with inside interface for NAT) 3 VPN client-Cisco 850 or Cisco 870 series access router 4 Fast Ethernet or ATM interface...-With address 200.1.1.1 (also the outside interface address of 210.110.101.1 6 VPN client-Another router, which encrypt the data between the branch office...