1: Craft a dynamic IP address pool
2: Define AAA authentication parameters
note: you could use RADIUS
Next, we start the configuration. I'm using the group concept with PSK+xauth
Now we need some crypto IKE policies and transform sets
note: I'm using very secure ciphers from the AES suite; this is fine for iPhone/Android and Windows/Mac OS X devices
Okay, let's wrap this all up: we need to build a dynamic crypto map and then apply the dynamic map to our crypto map.
note: best practice calls for the crypto map sequence # to be the highest in your pecking order
And the last action item that we need to accomplish is how we negotiate and authenticate the clients. These lines apply the authentication parameters
Ensure the VPN pool network is routed within your network
( diagnostics )
- debug crypto isa aaa
- debug aaa authentication
- show crypto session brief
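The steps above, put together as one Cisco IOS configuration. This is an added example, not the author's original configuration: the pool range, list names, group name, map names, interface, DH group and all secrets are placeholders or assumptions to replace with your own values.

```cisco
! Added example; every name, address and secret below is a placeholder.
! Step 1: dynamic address pool handed out to VPN clients (constructed range)
ip local pool VPN-POOL 10.99.0.10 10.99.0.50
!
! Step 2: AAA lists. Local database here; a RADIUS server group could replace "local".
aaa new-model
aaa authentication login VPN-XAUTH local
aaa authorization network VPN-GROUP local
username vpnuser1 secret <REPLACE-WITH-USER-PASSWORD>
!
! Step 3: client group. The group key is the PSK; xauth adds the per-user login.
crypto isakmp client configuration group RA-CLIENTS
 key <REPLACE-WITH-GROUP-PSK>
 pool VPN-POOL
!
! Step 4: IKE policy and transform set using AES.
! The DH group is an assumption; set it to what your clients support.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
!
crypto ipsec transform-set RA-AES esp-aes 256 esp-sha-hmac
!
! Step 5: dynamic map, referenced from the static crypto map at the
! highest sequence number so static peer entries are matched first.
crypto dynamic-map RA-DYN 10
 set transform-set RA-AES
 ! Installs a route for each connected client address
 reverse-route
!
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic RA-DYN
!
! Step 6: bind xauth, group authorization and address assignment to the map
crypto map OUTSIDE-MAP client authentication list VPN-XAUTH
crypto map OUTSIDE-MAP isakmp authorization list VPN-GROUP
crypto map OUTSIDE-MAP client configuration address respond
!
! Apply the crypto map to the Internet-facing interface (assumed name)
interface GigabitEthernet0/0
 crypto map OUTSIDE-MAP
```

With a group PSK, anyone who knows the key can reach the xauth prompt, so the per-user credentials are what actually identify each client; watch them with the `debug aaa authentication` output listed above.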
Ken Felix
Network & Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( - - )=
o
/ \