Upload File

cisco ios easy vpn server

11
CISCO IOS Easy VPN Server Jesús Moreno León Alberto Molina Coballes Redes de Área Local Junio 2009

Upload: jesus-moreno-leon

Post on 29-Nov-2014

13.242 views

Category:

Education


3 download

Report

DESCRIPTION

 

TRANSCRIPT

Page 1: Cisco ios easy vpn server

CISCO IOS Easy VPN Server

Jesús Moreno LeónAlberto Molina Coballes

Redes de Área Local

Junio 2009

Page 2: Cisco ios easy vpn server

Escenario

INTERNET

CLIENTE REMOTO

● Se quiere implementar una VPN de acceso remoto basada en IPSec

● Se usará un router (IOS 12.4 o posterior) como servidor Easy VPN

● Los clientes necesitan instalar CISCO Easy VPN Client

OFICINA CENTRAL

Page 3: Cisco ios easy vpn server

Tareas a realizar

I. Crear un pool de direcciones que usarán los clientes que se conecten por VPN

II. Configurar la autenticaciónIII.Configurar la política IKEIV.Configurar la política IPSec

Page 4: Cisco ios easy vpn server

I. Crear un pool de direcciones

Paso Comando Objetivo

1 r1(config)# ip local pool VPNPOOL 192.168.1.10 192.168.1.19

Se crea un pool de direcciones que permite 10 conexiones concurrentes

Page 5: Cisco ios easy vpn server

II. Configurar la autenticación

Paso Comando Objetivo

2 r1(config)# aaa new-model Activa la funcionalidad aaa (Authentication, Authorization y

Accounting)

3 r1(config)# aaa authentication login VPN-USERS local

Defina la lista de métodos de autenticación cuando un usuario

hace login (local, RADIUS...)

4 r1(config)# aaa authorization network VPN-GROUP local

Establece los parámetros que restringen el acceso de los usarios a

la red

5 r1(config)# username vpnuser password micontraseña

Se crea una cuenta de usuario que usarán los clientes VPN para

autenticarse contra el servidor

Page 6: Cisco ios easy vpn server

III. Configurar las políticas IKE

Paso Comando Objetivo

6 r1(config)# crypto isakmp policy 10 Crear una nueva política IKE. Cada política se identifica por su número de prioridad (de 1 a 10.000; 1 la más

prioridad más alta)

7 r1(config-isakmp)# encryption aes 192 Especificar el algoritmo de cifrado a utilizar

8 r1(config-isakmp)# hash sha Elegir el algoritmo de hash a usar: Message Digest 5 (MD5 [md5] ) o

Secure Hash Algorithm (SHA [sha]).

9 r1(config-isakmp)# authentication pre-share

Determinar el método de autenticación: pre-shared keys

(pre-share), RSA1 encrypted nonces (rsa-encr), o RSA signatures (rsa-slg).

Page 7: Cisco ios easy vpn server

III. Configurar las políticas IKE

Paso Comando Objetivo

10 r1(config-isakmp)# group 5 Especificar el identificador de grupo Diffie-Hellman

11 r1(config)# crypto isakmp client configuration group VPN-GROUP

Crea un grupo IKE para los clientes VPN

12 r1(config-isakmp-group)# key SECRETOCOMPATIDO

Establece el secreto compartido para el grupo VPN-GROUP

13 r1(config-isakmp-group)# pool VPNPOOL

Se selecciona el pool de direcciones para los clientes

Page 8: Cisco ios easy vpn server

IV. Configurar la política IPSec

Paso Comando Objetivo

14 r1(config)# crypto ipsec transform-set VPNSET esp-aes esp-sha-hmac

Establece las políticas de seguridad IPSEC que se usarán en las

comunicaciones

15 r1(config)# crypto dynamic-map VPN-DYNAMIC 10

Crea un crypto map dinámico que se usa cuando la IP del host remoto no se conoce, como es el caso en las

VPN de acceso remoto16 r1(config-crypto-map)# set transform-

set VPNSETAsocia el transform set VPNSET al

crypto map dinámico

17 r1(config-crypto-map)# reverse-route Activa Reverse Route Injection (RRI)

Page 9: Cisco ios easy vpn server

IV. Configurar la política IPSec

Paso Comando Objetivo

18 r1(config)# crypto map VPN-STATIC client configuration address respond

Configura un crypto map estático que puede ser asociado a una

interfaz

19 r1(config)# crypto map VPN-STATIC client authentication list VPN-USERS

Define el conjunto de usuarios con permisos de autenticación

20 r1(config)# crypto map VPN-STATIC isakmp authorization list VPN-GROUP

Establece el grupo de usuarios y los parámetros de acceso a la red

21 r1(config)# crypto map VPN-STATIC 20 ipsec-isakmp dynamic VPN-DYNAMIC

Asocia el crypto map dinámico creado para los clientes de acceso

remoto

Page 10: Cisco ios easy vpn server

IV. Configurar la política IPSec

Paso Comando Objetivo

22 r1(config)# interface serial 1/0 Accedemos a la configuración de la interfaz por la que se conectarán los

clientes VPN

23 r1(config-if)# crypto map VPN-STATIC Asociamos el crypto map a la interfaz

24 r1# write Guardamos todos los cambios

Page 11: Cisco ios easy vpn server

Conexión desde el cliente

CISCO VPN CLIENTPACKET TRACERT


IPS Feature in Cisco Routers in Cisco IOS Software Release ...9aaa8eb645f... · IPS Feature in Cisco Routers in Cisco IOS Software ... Cisco IOS IPS in Cisco IOS Software Release

UNSW VPN on iOS - University of New South Wales · 2014-02-04 · free Cisco AnyConnect App From the iTunes App Store. ... AnyConnect VPN CISCO Secure Mobility Client AnyConnect VPN

Release Notes for VPN Client, Release 4.0 · Release Notes for VPN Client, Release 4.0.1 78-15406-02 ... The Cisco VPN Client supports the following Cisco VPN devices: • Cisco VPN

Cisco VXC VPN...Cisco VXC VPN • CiscoVXCRequirements,page1 • SetUpCiscoVXCVPN,page3 • CiscoVXCVPNLimitationsandRestrictions,page7 Cisco VXC Requirements

VPN Availability Configuration Guide, Cisco IOS XE Release 3S · VPN Availability Configuration Guide, Cisco IOS XE Release 3S Americas Headquarters Cisco Systems, Inc. 170 West Tasman

Cisco VPN Client Configuration - Setup for IOS Router

Cisco Support Community Expert Series Webcast Configuring ...€¦ · Configuring and Troubleshooting MPLS VPN Cisco Support Community Expert Series Webcast . Switch and IOS Architecture

VPN mit Cisco AnyConnectœR... · 2015. 2. 11. · VPN mit Cisco AnyConnect | Alle VPN Zugang erstellen Der Cisco AnyConnect VPN Client dient Ihnen zum verschlüsselten Zugang auf

Setting up the URMC VPN on iOS Devices Part 1....Setting up the URMC VPN on iOS Devices Prior to proceeding with the below directions for installing and configuring Cisco AnyConnect

SSL VPN - cisco.com · SSL VPN Last Updated: October 19, 2011 The SSL VPN feature (also known as WebVPN) provides support, in Cisco IOS software, for remote user access to enterprise

cisco Ios Dmvpn Overview - Cisco - Global Home Page · endpoint security through Cisco Secure Desktop Industry-Leading VPN Solutions © 2007 Cisco Systems, Inc. All rights reserved

Cisco IOS Firewall - 123seminarsonly.com · Design Guide Cisco IOS Firewall ... DMVPN, traditional IPsec ... the foundation of Cisco IOS Firewall, was introduced in Cisco IOS Software

Cisco Mobile VPN

Cisco IOS Firewall - 123seminarsonly.com€¦ · Cisco IOS Firewall Cisco IOS ® Firewall is a stateful security software component of Cisco IOS Software. Firewall integration in

Cisco - Clientless SSL VPN (WebVPN) on Cisco IOS Using …cna.mamk.fi/Public/Cisco/Ohjeet/webvpn.pdf · Clientless SSL VPN (WebVPN) on Cisco IOS Using SDM Configuration Example Document

Cisco IOS SSL VPN Smart Tunnels Support to Configure Cisco IOS SSL VPN Smart Tunnels Support Configuring a Smart Tunnel List and Adding Applications Configuringthesmarttunnellistandaddingtheapplicationstothelistontherouterwithadministrative

Cisco VPN Client

ATTACK CHAIN LESSONS - Secure360 Barracuda NG Cisco ASA & VPN Cisco IOS Cisco Meraki Check Point Clavister W20 Fortinet Fortigate Juniper Junos OS Juniper Netscreen McAfee Palo Alto

Nortel VPN Router Configuration With Cisco IOS Branch Office Tunnel - Shared Key

Cisco Easy VPN on Cisco IOS Routers › c › dam › en › us › products › collateral › ... · Several advanced mechanisms such as IPsec stateful failover, Dead Peer Detection

Cisco VPN Primer

CISCO INTEGRATED SERVICES ROUTER · + IOS Firewall + VPN + VoiceMail Cisco 7905G Cisco 7960G IP-telefoons Figuur 1 Multivendor-netwerk Internet WAN PSTN PBX Router Fabrikant 2 Firewall

Cisco Router as a Remote VPN Server using SDM ... · a remote end user to communicate using IPsec with any Cisco IOS® VPN gateway. Note: Use the Command Lookup Tool (registered customers

Cisco ECT-Based Group Encrypted Transport VPN · The Cisco ® Enterprise-Class Teleworker (ECT) ... traffic before forwarding it to customer edge routers. Cisco IOS GET VPN is a group

MPLS/VPN Configuration on IOS Platforms - The Cisco Learning

Cisco Unified Communications Manager and Cisco IOS … · About Cisco IOS and Cisco IOS XE Software Documentation Documentation Organization iv Cisco IOS Documentation Set Cisco IOS

Cisco VPN (5)

Cisco IPSec VPN Gateway Security Procedures v1.0 (final) · Cisco IPSec VPN Gateway ... and optional integrated call processing and voice mail. ISR G2 routers run Cisco IOS ... When

Cisco IOS Security Command Reference iii Cisco IOS Security Command Reference 78-11748-02 About Cisco IOS Software Documentation v Using Cisco IOS Software …

Cisco IOS Switching Services Command Reference Cisco IOS Switching Services Command Reference CONTENTS About Cisco IOS Software Documentation v Using Cisco IOS Software …

Cisco Community...Cisco Branch Routing Portfolio • Up to 250 Mbps • Fixed and fanless • Cisco IOS based • High performance VPN ISR 900 ISR 1000 • Up to 350 Mbps • Cisco

8.7.1.1 Lab - Configuring a Site-To-Site VPN Using Cisco IOS and CCP

SSL VPN Configuration Guide, Cisco IOS Release 12 · Other SSL VPN Features 31 Platform Support 35 How to Configure SSL VPN Services on a Router 35 Configuring an SSL VPN Gateway

Cisco VPN Config

Dynamic Multipoint VPN Configuration Guide, Cisco IOS Release