Configure Cisco Easy VPN Server on a Router
Introduction
Cisco Easy VPN Server allows a Cisco router to manage VPN security
policies for remote VPN connections, thus reducing the management complexity of
VPN deployments. This document explains how to configure Cisco Easy VPN Server
on your router.
Note: This document uses examples from SDM version 2.0. Other versions of
SDM can display different output.
Requirements
You need the following items to use this document:
Configure Cisco Easy VPN Server on a Router
Follow these steps to set up a Cisco Easy VPN Server on your
router:
Configure an Easy VPN Server
Follow these steps to configure an Easy VPN Server:
- Open a web browser and type http://router-IP-address in the Address
  field. Use the IP address that you entered in field L6A of the LAN Addressing
  Worksheet. Press Enter to launch SDM. For more information
  about how to launch SDM, refer to Configure your Router with Security
  Device Manager.
- Click Configure.
- Click VPN.
- On the VPN Screen, click Easy VPN Server.
- On the Create Easy VPN Server screen, follow these steps to enable AAA:
  Note: If AAA is already enabled in the Router, proceed to the next step.
  - Click Enable AAA.
  - Click Yes to enable AAA on the Router.
  - Click OK on the Command Delivery Status screen.
  - Click OK to confirm.
- On the Create Easy VPN Server screen, choose Create an Easy VPN server
  and click Launch the selected task.
- On the Welcome to Easy VPN Server Wizard screen, click Next.
- On the Select an Interface screen, choose the Internet interface
  that you entered in field B37 of the Router Worksheet. Click Next.
  Note: If SDM displays options for Authentication, choose Pre-shared keys.
- On the IKE Proposal screen, choose the first IKE Proposal option
  and click Next.
  Note: If your router displays only one IKE Proposal, choose the first
  option and click Next.
- Click Next to use the SDM Default Transform Set.
- On the Group Authorization/Group policy Lookup screen, choose
  Local Only and click Next.
- On the User Authentication screen, check Enable User Authentication.
  Choose Local Only and click Next.
- On the Group Authentication/User Group Policies screen, click
  Add to create a new group policy.
- On the Add Group Policy screen, click the General tab and enter
  these settings:
  - In the Group Information field, enter the VPN group name that you
    entered in field R21 of the Remote Networking Assignments worksheet.
  - Check the option for Pre-shared Key.
  - Next to Enter new pre-shared key, enter the pre-shared key that you
    entered in field R22 of the Internet Worksheet.
  - Next to Re-enter new pre-shared key, enter the pre-shared key again.
  - Check the option for Pool Information.
  - Choose Create a new pool.
  - Next to IP Address Range, enter these values:
    - In the first field, enter the VPN User Start Range that you
      entered in field L40A of the LAN Addressing Worksheet.
    - In the second field, enter the VPN User End Range IP address that
      you entered in field L41A of the LAN Addressing Worksheet.
- Click the DNS/WINS tab.
- On the DNS/WINS tab, choose these settings:
  - Check the DNS option.
  - Next to Primary DNS Server, enter the Primary DNS Server IP
    Address that you entered in field B50 of the Internet Worksheet.
  - Next to Secondary DNS Server, enter the Secondary DNS Server IP
    Address that you entered in field B51 of the Internet Worksheet.
  - Next to Domain Name, enter the Default Domain Name that you
    entered in field B48 of the Internet Worksheet.
  Click OK.
- On the Group Authentication/User Group Policies screen, click Next.
- Click Finish to complete the VPN wizard. Click OK to confirm.
- Click the Save icon to save the new configuration.
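To confirm that the wizard's choices (AAA, user authentication, group key, address pool, DNS and domain) actually reached the router, a saved copy of the running configuration can be checked with a script like the one below. This is an added example, not Cisco or SDM code; the sample configuration is constructed, and every name, address and key in it is a placeholder.

```python
import re

# Constructed running-config excerpt (not device output); all values are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login VPN_XAUTH local
ip local pool VPN_POOL 192.0.2.200 192.0.2.220
crypto isakmp client configuration group EXAMPLE-GROUP
 key EXAMPLE-KEY
 dns 198.51.100.1 198.51.100.2
 domain example.com
 pool VPN_POOL
crypto map VPN_CMAP client authentication list VPN_XAUTH
interface FastEthernet0/0
 crypto map VPN_CMAP
"""

def parse_blocks(text):
    """Map each top-level line to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            current = blocks.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit_easy_vpn(text):
    """Return findings; an empty list means each wizard step left its mark."""
    blocks, out = parse_blocks(text), []
    if "aaa new-model" not in blocks:
        out.append("AAA is not enabled")
    # Crypto maps that demand user authentication vs. maps bound to an interface.
    xauth = set(re.findall(r"^crypto map (\S+) client authentication list", text, re.M))
    applied = set(re.findall(r"^ +crypto map (\S+)", text, re.M))
    if not xauth & applied:
        out.append("no crypto map with user authentication is applied to an interface")
    pools = set(re.findall(r"^ip local pool (\S+)", text, re.M))
    prefix = "crypto isakmp client configuration group "
    groups = {k[len(prefix):]: v for k, v in blocks.items() if k.startswith(prefix)}
    if not groups:
        out.append("no group policy is defined")
    for name, body in groups.items():
        have = {b.split()[0]: b.split()[1:] for b in body}
        out += [f"group {name}: {w} missing" for w in ("key", "dns", "domain", "pool") if w not in have]
        pool = have.get("pool")
        if pool and pool[0] not in pools:
            out.append(f"group {name}: pool {pool[0]} is not defined")
    return out
```

A finding about user authentication matters most: without it, the group name and pre-shared key alone are enough for a client to connect.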
Next Step
You have completed this procedure.
To make further changes to the router, refer to the Router Support Page.
To configure other devices in your network, refer to the Configuration
Overview Page.
Troubleshoot the Procedure
This section provides information about common problems that you may
encounter. If this information does not solve your problem, contact the
SMB TAC for assistance.
Related Information