Wednesday, August 15, 2007

Configuring Remote Access on PIX

Cisco Easy VPN

Application Overview

The Cisco Easy VPN Remote feature and the Cisco Easy VPN Server feature offer flexibility, scalability, and ease of use for site-to-site and remote-access VPNs.


The EzVPN client has two operation modes:

  1. Client mode (PAT mode): the client end performs PAT for all traffic from the hosts behind it.
  2. Network extension mode: the client end makes its inside nodes routable across the outside network. PAT is not applied to VPN traffic. Inside nodes get their IP addresses statically or from DHCP.


    I will demonstrate how to configure remote-access IPsec VPN on a PIX.

    IKE Phase 1

    crypto isakmp enable OUTSIDE ======== enable ISAKMP on the outside interface

    crypto isakmp policy 1 ======== IKE Phase 1 proposal

    authentication pre-share

    encryption des

    hash md5

    group 7

    lifetime 86400


    Define the address pool from which clients obtain an IP address.

    ip local pool POOL 10.0.0.1-10.0.0.3

    Create a user

    username joey password cx15108


    IKE Phase 2 (negotiate IPsec parameters)

    crypto ipsec transform-set IPSEC_SET esp-des esp-md5-hmac

    crypto dynamic-map DYN 1 set transform-set IPSEC_SET

    crypto map MAP 1 ipsec-isakmp dynamic DYN

    crypto map MAP interface OUTSIDE


    Create the remote-access tunnel group and attach the address pool and the pre-shared key to it.

    tunnel-group TUN type ipsec-ra

    tunnel-group TUN general-attributes

    address-pool POOL

    tunnel-group TUN ipsec-attributes

    pre-shared-key *
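Before a configuration like the one above goes onto a device, it is worth checking it mechanically: the phase 1 policy shown uses DES, MD5 and DH group 7 (a 163-bit elliptic-curve group), all well below current minimums, and the transform set repeats the DES/MD5 choice. The Python script below is an added example and is not part of the post or of any Cisco tool. It embeds the commands from the post as a constructed sample (with the pre-shared key masked exactly as the post masks it), parses them, rates the IKE policy and transform set against the weak-algorithm lists defined at the top, cross-checks that the crypto map sits on an interface where ISAKMP is enabled and that the dynamic map's transform set exists, and reports the address pool size. A second, derived sample shows a hardened variant; the keywords it swaps in (`aes-256`, `sha`, `group 14`, `esp-aes-256`) are an assumption, since which of them a given PIX release accepts depends on its software version.

```python
"""Added example: static audit of a PIX/ASA IKEv1 remote-access VPN configuration."""
import ipaddress
import re

# Constructed sample: the commands from the post, joined into one text; PSK masked as in the post.
SAMPLE_CONFIG = """
crypto isakmp enable OUTSIDE
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 7
 lifetime 86400
ip local pool POOL 10.0.0.1-10.0.0.3
crypto ipsec transform-set IPSEC_SET esp-des esp-md5-hmac
crypto dynamic-map DYN 1 set transform-set IPSEC_SET
crypto map MAP 1 ipsec-isakmp dynamic DYN
crypto map MAP interface OUTSIDE
tunnel-group TUN type ipsec-ra
tunnel-group TUN general-attributes
 address-pool POOL
tunnel-group TUN ipsec-attributes
 pre-shared-key *
"""
# Assumed hardened variant (AES-256, SHA, DH group 14, larger pool); whether a
# given PIX/ASA release accepts these keywords depends on its software version.
HARDENED_CONFIG = (SAMPLE_CONFIG
                   .replace("encryption des", "encryption aes-256")
                   .replace("hash md5", "hash sha")
                   .replace("group 7", "group 14")
                   .replace("esp-des esp-md5-hmac", "esp-aes-256 esp-sha-hmac")
                   .replace("10.0.0.3", "10.0.0.50"))

WEAK_ENCRYPTION = {"des", "3des"}            # 56-bit DES; 3DES is deprecated
WEAK_HASH = {"md5"}                          # PIX 7.x IKEv1 policy offers md5 or sha
STRONG_DH_GROUPS = {14, 15, 16, 19, 20, 21}  # groups 1, 2, 5 and 7 are too small today
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac"}
MIN_POOL_SIZE = 10                           # threshold chosen for this example

def parse_blocks(config_text):
    # A non-indented line opens a block; indented lines below it belong to it.
    blocks = []
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit_config(config_text):
    # Parse the facts we care about, then cross-check them and rate the crypto.
    isakmp_ifaces, policies, pools, transform_sets = set(), {}, {}, {}
    dynmap_ts, map_dyn, map_iface, tunnel_groups = {}, {}, {}, {}
    for header, sub in parse_blocks(config_text):
        if m := re.match(r"crypto isakmp enable (\S+)$", header):
            isakmp_ifaces.add(m[1])
        elif m := re.match(r"crypto isakmp policy (\d+)$", header):
            policies[int(m[1])] = dict(line.partition(" ")[::2] for line in sub)
        elif m := re.match(r"ip local pool (\S+) (\S+)-(\S+)$", header):
            lo, hi = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
            pools[m[1]] = int(hi) - int(lo) + 1
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)$", header):
            transform_sets[m[1]] = m[2].split()
        elif m := re.match(r"crypto dynamic-map (\S+) \d+ set transform-set (\S+)$", header):
            dynmap_ts[m[1]] = m[2]
        elif m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)$", header):
            map_dyn[m[1]] = m[2]
        elif m := re.match(r"crypto map (\S+) interface (\S+)$", header):
            map_iface[m[1]] = m[2]
        elif m := re.match(r"tunnel-group (\S+) (type|\S+-attributes) ?(.*)$", header):
            tg = tunnel_groups.setdefault(m[1], {})
            if m[2] == "type":
                tg["type"] = m[3]
            else:
                tg.update(line.partition(" ")[::2] for line in sub)
    findings = []
    for num, p in sorted(policies.items()):
        if p.get("encryption") in WEAK_ENCRYPTION:
            findings.append(f"isakmp policy {num}: weak encryption {p['encryption']}")
        if p.get("hash") in WEAK_HASH:
            findings.append(f"isakmp policy {num}: weak hash {p['hash']}")
        if int(p.get("group", 0)) not in STRONG_DH_GROUPS:
            findings.append(f"isakmp policy {num}: weak DH group {p.get('group')}")
    for name, ts in transform_sets.items():
        if weak := sorted(set(ts) & WEAK_TRANSFORMS):
            findings.append(f"transform-set {name}: weak transforms {' '.join(weak)}")
    for name, iface in map_iface.items():
        if iface not in isakmp_ifaces:
            findings.append(f"crypto map {name}: ISAKMP not enabled on {iface}")
        if dynmap_ts.get(map_dyn.get(name)) not in transform_sets:
            findings.append(f"crypto map {name}: dynamic map lacks a known transform-set")
    for name, tg in tunnel_groups.items():
        if (size := pools.get(tg.get("address-pool"), 0)) < MIN_POOL_SIZE:
            findings.append(f"tunnel-group {name}: address pool has only {size} addresses")
        if "pre-shared-key" not in tg:
            findings.append(f"tunnel-group {name}: no pre-shared key configured")
    return {"findings": findings, "policies": policies, "pools": pools,
            "tunnel_groups": tunnel_groups}
```

Calling `audit_config(SAMPLE_CONFIG)["findings"]` on the post's configuration returns five findings (DES, MD5 and group 7 in the phase 1 policy, the DES/MD5 transform set, and a three-address pool), while the hardened variant returns none. The parser is deliberately narrow: it only recognises the command forms used in this post, so an unrecognised line is silently skipped rather than misread.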


    A dialogue window pops up



    Verify the result

    IKE phase 1 SA:



    IPsec SA:



    VPN client routing table shows that the default path .