
Remote access vpn

arumugasamy
Level 1

Dear All,

Please find below the entries I found in the script of the PIX 515E along with the site-to-site VPN config. Could you explain what these entries are meant for?

I could not understand it.

#ip local pool vpn-dynamic 20.x.x.1-20.20.1.254

#crypto dynamic-map dyn 20 set pfs group2

#crypto dynamic-map dyn 20 set transform-set dynamic-3des

#crypto map dyn 20 ipsec-isakmp dynamic vpn

#crypto map dyn client configuration address initiate

#crypto map dyn client configuration address respond

#crypto map dyn client authentication radius

#crypto map dyn interface outside

I need to know what the above entries are.

swami

1 Reply

mfreijser
Level 1

Here is a short explanation for every rule; you can Google/search for more specific answers. Everything can be found on the Cisco website :)

#ip local pool vpn-dynamic 20.20.1.1-20.20.1.254

--> This is a pool of addresses which are available for users who dial in via remote access vpn

#crypto dynamic-map dyn 20 set pfs group2

--> This enables the Perfect Forward Secrecy option

#crypto dynamic-map dyn 20 set transform-set dynamic-3des

--> Assigns a transform set to a dynamic map

#crypto map dyn 20 ipsec-isakmp dynamic vpn

--> links the dynamic map to the ipsec/isakmp protocol and assigns it a priority number (20)

#crypto map dyn client configuration address initiate

#crypto map dyn client configuration address respond

--> These two rules make sure the Pix handles remote access vpn requests

#crypto map dyn client authentication radius

--> This says that the authentication will be handled by a RADIUS server; this server is configured somewhere else in the configuration with the aaa-server commands.

#crypto map dyn interface outside

--> Places the crypto map on the outside interface, so the PIX starts waiting for VPN clients

All the commands you posted can be found in the following document, describing how to configure a PIX for VPN Clients with RADIUS authentication:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

Please rate if the post helps!

Regards,

Michael
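
Added example (not part of the original posts and not Cisco code): a small Python check that cross-references the pieces explained above, namely the address pool range, the dynamic map named on the `ipsec-isakmp dynamic` line, and the AAA tag named on the `client authentication` line. The sample is constructed from the posted lines with the pool written as 20.20.1.1-20.20.1.254; the function name `lint` and the exact-match comparison of names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the eight lines from the thread, pool range written out.
SAMPLE = """\
ip local pool vpn-dynamic 20.20.1.1-20.20.1.254
crypto dynamic-map dyn 20 set pfs group2
crypto dynamic-map dyn 20 set transform-set dynamic-3des
crypto map dyn 20 ipsec-isakmp dynamic vpn
crypto map dyn client configuration address initiate
crypto map dyn client configuration address respond
crypto map dyn client authentication radius
crypto map dyn interface outside
"""

def lint(config):
    """Return consistency findings for a PIX remote-access VPN excerpt."""
    # Accept lines with or without the leading '#' used in the thread.
    lines = [l.strip().lstrip("#").strip() for l in config.splitlines()]
    text = "\n".join(lines)
    findings = []
    # Names that are actually defined somewhere in the excerpt.
    dyn_maps = set(re.findall(r"^crypto dynamic-map (\S+) \d+ set ", text, re.M))
    aaa_tags = set(re.findall(r"^aaa-server (\S+) ", text, re.M))
    for l in lines:
        if m := re.match(r"ip local pool (\S+) (\S+)$", l):
            lo, _, hi = m.group(2).partition("-")
            try:
                if ipaddress.ip_address(lo) > ipaddress.ip_address(hi):
                    findings.append(f"pool {m.group(1)}: start is above end")
            except (ValueError, TypeError):
                findings.append(f"pool {m.group(1)}: bad range {m.group(2)}")
        elif m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)$", l):
            # The crypto map must point at a dynamic map that exists.
            if m.group(2) not in dyn_maps:
                findings.append(
                    f"crypto map {m.group(1)}: dynamic map '{m.group(2)}' is not defined")
        elif m := re.match(r"crypto map (\S+) client authentication (\S+)$", l):
            # Assumption: the tag is compared exactly against aaa-server lines.
            if m.group(2) not in aaa_tags:
                findings.append(
                    f"crypto map {m.group(1)}: no aaa-server line for '{m.group(2)}'")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the posted excerpt this reports that the dynamic map is defined as `dyn` while the crypto map refers to `vpn`, and that the `aaa-server` lines for `radius` are not in the excerpt, which matches the reply's note that they sit elsewhere in the configuration.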
