Remote access vpn

Unanswered Question
Apr 22nd, 2007

Dear All,

Please find below the entries I found in the script of a PIX 515E along with the site-to-site VPN config. Could you explain what these entries are meant for?

I could not understand it.

#ip local pool vpn-dynamic 20.x.x.1-20.20.1-254

#crypto dynamic-map dyn 20 set pfs group2

#crypto dynamic-map dyn 20 set transform-set dynamic-3des

#crypto map dyn 20 ip-sec-isakmp dynamic vpn

#crypto map dyn client configuration address initiate

#crypto map dyn client configuration address respond

#crypto map dyn client authentication radius

#crypto map dyn interface outside

I need to know what the above entries are.

swami

mfreijser Mon, 04/23/2007 - 08:45

Here is a short explanation for every rule; you can Google/search for more specific answers. Everything can be found on the Cisco website :)

#ip local pool vpn-dynamic 20.20.1.1-20.20.1-254

--> This is a pool of addresses which are available for users who dial in via remote access vpn

#crypto dynamic-map dyn 20 set pfs group2

--> This enables the Perfect Forward Secrecy option

#crypto dynamic-map dyn 20 set transform-set dynamic-3des

--> Assigns a transform set to a dynamic map

#crypto map dyn 20 ip-sec-isakmp dynamic vpn

--> Links the dynamic map to the ipsec/isakmp protocol and assigns it a priority number (20)

#crypto map dyn client configuration address initiate

#crypto map dyn client configuration address respond

--> These two rules make sure the Pix handles remote access vpn requests

#crypto map dyn client authentication radius

--> This says that the authentication will be handled by a RADIUS server; this server is configured somewhere else in the configuration with the aaa-server commands.

#crypto map dyn interface outside

--> Places the crypto map on the outside interface, so the PIX starts waiting for VPN clients

All the commands you posted can be found in the following document, describing how to configure a PIX for VPN Clients with RADIUS authentication:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Please rate if the post helps!

Regards,

Michael
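
The cross-references described in the answer above (a dynamic map linked into a crypto map, a transform set assigned to it, a RADIUS group defined elsewhere with aaa-server) can be checked mechanically when reviewing a PIX config. This is an added example, not part of the original thread or of Cisco's documentation; the `audit` function, its patterns and the exact-match name comparison are assumptions for illustration, and the sample is the thread's lines with the masked pool line left out.

```python
import re

# Constructed sample: the crypto lines from the thread, '#' prompt kept.
SAMPLE = """\
#crypto dynamic-map dyn 20 set pfs group2
#crypto dynamic-map dyn 20 set transform-set dynamic-3des
#crypto map dyn 20 ip-sec-isakmp dynamic vpn
#crypto map dyn client configuration address initiate
#crypto map dyn client configuration address respond
#crypto map dyn client authentication radius
#crypto map dyn interface outside
"""

# Lines that define a named object (name is capture group 1).
DEFS = {
    "dynamic-map": r"crypto dynamic-map (\S+) \d+ ",
    "transform-set": r"crypto ipsec transform-set (\S+) ",
    "aaa-server": r"aaa-server (\S+) ",
    "crypto map": r"crypto map (\S+) \d+ ",
}
# Lines that refer to a named object defined elsewhere in the config.
# 'ip-?sec-isakmp' accepts the spelling used in the thread as well.
REFS = {
    "dynamic-map": r"crypto map \S+ \d+ ip-?sec-isakmp dynamic (\S+)",
    "transform-set": r"crypto dynamic-map \S+ \d+ set transform-set (\S+)",
    "aaa-server": r"crypto map \S+ client authentication (\S+)",
    "crypto map": r"crypto map (\S+) interface \S+",
}

def audit(config):
    """Return (kind, name, line) for every reference with no matching definition."""
    lines = [l.strip().lstrip("#").strip() for l in config.splitlines() if l.strip()]
    findings = []
    for kind, ref_re in REFS.items():
        defined = {m[1] for l in lines if (m := re.match(DEFS[kind], l))}
        for l in lines:
            m = re.match(ref_re, l)
            if m and m[1] not in defined:  # exact-match comparison (assumption)
                findings.append((kind, m[1], l))
    return findings

if __name__ == "__main__":
    for kind, name, line in audit(SAMPLE):
        print(f"unresolved {kind} '{name}': {line}")
```

On the thread's excerpt the transform-set and aaa-server findings are expected, since those definitions live in parts of the config that were not posted; the dynamic-map finding comes from the excerpt itself (the dynamic map is named `dyn`, the crypto map refers to `vpn`) and is worth comparing against the running device.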
