Filter
Top Products
6-2
Cisco Secure Router 520 Series Software Configuration Guide
OL-14210-01
Chapter 6 Configuring a VPN Using Easy VPN and an IPsec Tunnel
Cisco Easy VPN
The Cisco Easy VPN client feature eliminates much of the tedious configuration work by implementing
the Cisco Unity Client protocol. This protocol allows most VPN parameters, such as internal IP
addresses, internal subnet masks, DHCP server addresses, WINS server addresses, and split-tunneling
flags, to be defined at a VPN server, such as a Cisco Adaptive Security Appliance (ASA) Series
concentrator that is acting as an IPsec server.
An Easy VPN server–enabled device can terminate VPN tunnels initiated by mobile and remote workers
who are running Cisco Easy VPN Remote software on PCs. Easy VPN server–enabled devices allow
remote routers to act as Easy VPN Remote nodes.
The Cisco Easy VPN client feature can be configured in one of two modes—client mode or network
extension mode. Client mode is the default configuration and allows only devices at the client site to
access resources at the central site. Resources at the client site are unavailable to the central site.
Network extension mode allows users at the central site (where the Cisco ASA Series concentrator is
located) to access network resources on the client site.
After the IPsec server has been configured, a VPN connection can be created with minimal configuration
on an IPsec client, such as a supported Cisco
Secure Router 520 Series router. When the IPsec client
initiates the VPN tunnel connection, the IPsec server pushes the IPsec policies to the IPsec client and
creates the corresponding VPN tunnel connection.
Note The Cisco Easy VPN client feature supports configuration of only one destination peer. If your
application requires creation of multiple VPN tunnels, you must manually configure the IPsec VPN and
Network Address Translation/Peer Address Translation (NAT/PAT) parameters on both the client and the
server.
Configuration Tasks
Perform the following tasks to configure your router for this network scenario:
• Configure the IKE Policy
• Configure Group Policy Information
• Apply Mode Configuration to the Crypto Map
• Enable Policy Lookup
• Configure IPsec Transforms and Protocols
• Configure the IPsec Crypto Method and Parameters
• Apply the Crypto Map to the Physical Interface
• Create an Easy VPN Remote Configuration
An example showing the results of these configuration tasks is provided in the “Configuration Example”
section on page 6-10.
4 VPN server—Easy VPN server; for example, a Cisco Adaptive Security Appliance (ASA) Series
concentrator with outside interface address 210.110.101.1
5 Corporate office with a network address of 10.1.1.1
6 IPsec tunnel