Cisco VPN 3000 Instrukcja Użytkownika Pobierz pdf

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

A printed version of this document is an uncontrolled copy. Company Confidential

Cisco VPN 3000 Series Concentrators

Interoperability Profile

Overview

This document describes how to configure VPN 3000 Series Concentrators to implement Scenario 1 that

the VPN Consortium specifies in “Documentation Profiles for IPSec Interoperability,”

http://www.vpnc.org/InteropProfiles/Interop-01.html.

Scenario 1 is a gateway-to-gateway configuration with pre-shared secrets for authentication.

A Gateway-to-Gateway VPN Configuration

Figure 1 depicts a typical gateway-to-gateway VPN, also called a LAN-to-LAN VPN. The sections that

follow explain how to configure Gateway A using preshared secrets.

Figure 1 Gateway-to-Gateway VPN Configuration

• Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A’s LAN or Private

interface has the address 10.5.6.1, and its WAN (Internet) or Public interface has the address

14.15.16.17.

• Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B’s WAN (Internet)

or Public interface has the address 22.23.24.25. Gateway B’s LAN or Private interface address,

172.23.9.1, can be used for testing IPSec, but is not needed for configuring Gateway A.

172.23.9.0/24

172.23.9.1

83065

Gateway A Gateway B

10.5.6.0/24

10.5.6.1

14.15.16.17 22.23.24.25

Internet

1 2 3 4 5 6 ... 24 25

Podsumowanie treści

Strona 1 - Interoperability Profile

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USAA printed version of this document is an uncontrolled c

Strona 2 - Password: admin

10Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalConfiguring an IKE ProposalAn IKE proposal contains values fo

Strona 3

11Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalComplete the following steps to configure an IKE proposal.Ste

Strona 4

12Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalFigure 8 Configuration | System | Tunneling Protocols | IPSec

Strona 5 - Model 3015–3080 menu

13Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalFigure 9 VPNC IKE A to B as a New, Inactive IKE ProposalStep

Strona 6

14Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalFigure 10 VPN C IKE A to B as First-Priority, Active IKE Prop

Strona 7

15Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionConfiguring a LAN-to-LAN IPSec ConnectionWhen y

Strona 8

16Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionFigure 12 Configuration | System | Tunneling Pr

Strona 9

17Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionTable 2 explains the fields you must complete o

Strona 10 - Configuring an IKE Proposal

18Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionStep 1 In the Name field, enter a unique, descr

Strona 11

19Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionFigure 13 Configuration | System | Tunneling Pr

Strona 12

2Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Gateway A VPN ConcentratorThe IKE Phase I parameters used in Scenario 1 a

Strona 13

20Cisco VPN 3000 Series Concentrators Interoperability ProfileModifying the New Security AssociationModifying the New Security AssociationThe VPN Conc

Strona 14

21Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshootingFigure 16 Configuration | Policy Management | Traffic Management | Securi

Strona 15

22Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshooting• In the IPSec | LAN-to-LAN | Add screen (see Figure 12) be sure to enter

Strona 16

23Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshootingMismatches of Preshared KeysIt is easy to mistype a preshared key at one

Strona 17

24Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshootingFigure 20 Configuration | System | Events | Classes | Add ScreenStep 2 In

Strona 18

25Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshootingViewing the Event LogThere are several ways to view events. The following

Strona 19 - Ethernet 2 (Public)

3Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Gateway A VPN ConcentratorStep 3 The system displays the opening message

Strona 20 - Step 3 Click Modify

4Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Gateway A VPN ConcentratorThis table shows current IP addresses.Interface

Strona 21 - Troubleshooting

5Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Gateway A VPN ConcentratorStep 11 The system now has enough information s

Strona 22 - Testing Connectivity

6Cisco VPN 3000 Series Concentrators Interoperability ProfileUsing the VPN Concentrator ManagerUsing the VPN Concentrator ManagerYou can use a browser

Strona 23 - Configuring Event Classes

7Cisco VPN 3000 Series Concentrators Interoperability ProfileUsing the VPN Concentrator ManagerFigure 3 Main Welcome Screen: Quick Configuration or Ma

Strona 24

8Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Public InterfaceConfiguring the Public InterfaceNext configure the WAN in

Strona 25 - Viewing the Event Log

9Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Public InterfaceFigure 6 Configuration | Interfaces | Ethernet 2 Screen |