authentication method
  • IP addressing and routing for clients
    • You must also install prerequisite services to your network before configuring the Cisco Easy VPN Server. Which services are required depends on the chosen design, but may include some of the following:
    Content 3.8 Configuring Easy VPN Server using Cisco SDM 3.8.2 Configuring the Prerequisites with VPN Wizards Configuring Cisco Easy VPN Server functionality using the SDM consists of two parts: Use a browser to connect to the Cisco Easy VPN Server router, where you can follow the link to the SDM. The VPN configuration page shown in Figure lists the VPN wizards that are used to implement different types of IPsec-based VPNs. Select the Easy VPN Server page from the SDM main page and navigate to the Easy VPN Server page by following this procedure: Step 1 Click the Configure icon in the toolbar at the top of the window. Step 2 Click the VPN icon in the Tasks toolbar on the left side of the window. Step 3 Choose the Easy VPN Server option in the middle part of the window. Enabling AAA on the Router
    If you have not configured AAA, the wizard asks you to configure it. If AAA is disabled on the router, you have to configure AAA before Easy VPN Server configuration begins. To configure AAA, complete Steps 1 and 2. Step 1 Click the Enable AAA link at the bottom of the Create Easy VPN Server tab. Step 2 A warning window opens, warning you to configure a user account with privilege level 15 before enabling AAA. Click OK to the warning window. Creating Privileged Users
    The screen in Figure appears, and the wizard asks you to create an administrative user. To create an administrative user, follow this procedure: Step 1 Click the Additional Tasks icon in the Tasks toolbar on the left side of the window. Step 2 Click the User Accounts/View option under the Router Access option in the middle part of the window. Step 3 Click Add in the top right side of the window to add a user. The Add an Account window shown in Figure opens. Step 1 Enter the administrative user username. Step 2 Enter a password in the Password field. Use a password with at least eight characters made up of numbers and letters. Step 3 Choose 15 from the Privilege Level drop-down menu. Step 4 Assign this user to have the SDM administrative role by choosing the SDM_Administrator (root) option in the View Name drop-down menu. Step 5 Click View Details to review the details of the currently chosen role. When done, click OK. Step 6 Click OK again. Step 7 If the enable secret password is not configured on your router, the Enable Secret Password window appears and you are asked to enter the enable secret password. Step 8 Enter and re-enter a secure secret password, and then click OK. Enabling AAA
    Finally, you can return to the Easy VPN Server page of the SDM wizard and enable AAA services on the Easy VPN Server: Step 1 Click the Enable AAA link on the Create Easy VPN Server tab to enable AAA services. Step 2 An Enable AAA window opens. Click Yes to enable AAA.
    Content 3.8 Configuring Easy VPN Server using Cisco SDM 3.8.3 Start the Easy VPN Server Wizard With AAA services enabled, click the Launch Easy VPN Server Wizard button on the Create Easy VPN Server tab to start the Easy VPN Server wizard. Select Interface for Terminating IPsec
    The Interface and Authentication window shown in Figure opens. Here you can select the outside interface toward the IPsec peer over the untrusted network. This is the interface where clients connect to the server: Step 1 Select the interface that you want to use from the Interface for this Easy VPN Server drop-down menu. Step 2 Click Next to continue to the IKE proposal page.
    Content 3.8 Configuring Easy VPN Server using Cisco SDM 3.8.4 Configure IKE Proposals When configuring IKE proposals, you can use the IKE proposal that is predefined by SDM or add a custom IKE proposal specifying these required parameters: After selecting the interface for terminating IPsec, the screen in Figure appears. This screen is where you configure new IKE proposals: Step 1 In the IKE Proposals window, click Add to add an IKE proposal. Step 2 The Add IKE Policy window opens. Enter all IKE parameters, and then click OK. Step 3 Click Next to continue.
    Content 3.8 Configuring Easy VPN Server using Cisco SDM 3.8.5 Configure the Transform Set Cisco SDM provides a default transform set. You can use the default or create a new IPsec transform set configuration using these parameters: Once you click Next on the IKE proposals window, the Transform Set window appears. The next step in configuring an Easy VPN Server is to configure a transform set: Step 1 In the Transform Set window, choose a default or configured transform set in the Select Transform Set drop-down menu. If you choose an existing transform set, skip Steps 2 and 3. Step 2 Click Add to add an IPsec transform set. Step 3 The Add Transform Set window opens. Enter the IPsec transform set parameters and click OK. Step 4 Click Next to continue.
    Content 3.8 Configuring Easy VPN Server using Cisco SDM 3.8.6 Storing Group Policy Configurations on the Local Router After you click Next in the Transform Set window, the Group Authorization and Group Policy Lookup window appears. You can choose from three options for the location where Easy VPN group policies can be stored: From the Group Authorization and Group Policy Lookup window, you must select the location where user records for Xauth will be stored. This topic uses a local user database. The next topic discusses the option of an external database using RADIUS for group authentication. The first option is to configure the group policies on the local server. Figure shows this option: Step 1 In the Group Authorization and Group Policy Lookup window, click the Local radio button in the Method List for Group Policy Lookup section. Step 2 Click Next to continue. The screen shown in Figure appears. To store the user records to a local user database follow three