136
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Security Features
Configuring VPN
Configure Group Policy Information
To
configure the group policy
,
follow these steps
,
beginning in global configuration mode
.
SUMMARY STEPS
1.
crypto isakmp client configuration group
{
group-name
|
default
}
2.
key
name
3.
dns
primary-server
4.
domain
name
5.
exit
6.
ip local pool {default |
poolname
} [
low-ip-address
[
high-ip-address
]]
DETAILED STEPS
Step 6
lifetime
seconds
Example:
Router(config-isakmp)# lifetime 480
Router(config-isakmp)#
Specifies the lifetime, from 60 to 86400 seconds,
for an IKE SA
5
.
Step 7
exit
Example:
Router(config-isakmp)# exit
Router(config)#
Exits IKE policy configuration mode and enters
global configuration mode.
1.
ISAKMP = Internet Security Association Key and Management Protocol
2.
DES = data encryption standard
3.
MD5 = Message Digest 5
4.
SHA-1 = Secure Hash standard
5.
SA = security association
Command or Action
Purpose
Command or Action
Purpose
Step 1
crypto isakmp client configuration group
{
group-name
|
default
}
Example:
Router(config)# crypto isakmp client
configuration group rtr-remote
Router(config-isakmp-group)#
Creates an IKE policy group containing attributes
to be downloaded to the remote client.
Also enters the ISAKMP group policy
configuration mode.
Step 2
key
name
Example:
Router(config-isakmp-group)# key
secret-password
Router(config-isakmp-group)#
Specifies the IKE pre-shared key for the group
policy.
