Configuration Guide
Page 4
Contents Configuring Enhanced IGRP 14 Configuration Example 15 Verifying Your Configuration 15 2 P A R T Configuring Your Router for Ethernet and DSL Access 2 C H A P T E R Sample Network Deployments 1 3 C H A P T E R Configuring PPP over Ethernet with NAT 1 Configure ... Example 4 Verify Your DHCP Configuration 4 Configure VLANs 5 Assign a Switch Port to a VLAN 6 Verify Your VLAN Configuration 6 6 C H A P T E R Configuring a VPN Using Easy VPN and an IPSec Tunnel 1 Configure the IKE Policy 4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4 OL-5332-01
Contents Configuring Enhanced IGRP 14 Configuration Example 15 Verifying Your Configuration 15 2 P A R T Configuring Your Router for Ethernet and DSL Access 2 C H A P T E R Sample Network Deployments 1 3 C H A P T E R Configuring PPP over Ethernet with NAT 1 Configure ... Example 4 Verify Your DHCP Configuration 4 Configure VLANs 5 Assign a Switch Port to a VLAN 6 Verify Your VLAN Configuration 6 6 C H A P T E R Configuring a VPN Using Easy VPN and an IPSec Tunnel 1 Configure the IKE Policy 4 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 4 OL-5332-01
Configuration Guide
Page 5
...Parameters 8 Apply the Crypto Map to the Physical Interface 9 Create an Easy VPN Remote Configuration 10 Verifying Your Easy VPN Configuration 11 Configuration Example 11 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation 1 Configure a VPN 2 Configure the IKE Policy 3 Configure Group Policy Information 4 Enable Policy ... Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5
...Parameters 8 Apply the Crypto Map to the Physical Interface 9 Create an Easy VPN Remote Configuration 10 Verifying Your Easy VPN Configuration 11 Configuration Example 11 Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation 1 Configure a VPN 2 Configure the IKE Policy 3 Configure Group Policy Information 4 Enable Policy ... Bridging on VLANs 4 Configure Radio Station Subinterfaces 6 Configuration Example 7 Sample Configuration 1 Configuring Additional Features and Troubleshooting OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 5
Configuration Guide
Page 6
... 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 Backup Interfaces 2 Configuring Backup Interfaces 2 Floating Static... 17 Configure ISDN Settings 17 Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM Troubleshooting Commands 2 ping atm interface...
... 1 Configuring AutoSecure 2 Configuring Access Lists 2 Access Groups 3 Guidelines for Creating Access Groups 3 Configuring a CBAC Firewall 3 Configuring Cisco IOS Firewall IDS 4 Configuring VPNs 4 Configuring Dial Backup and Remote Management 1 Dial Backup Feature Activation Methods 1 Backup Interfaces 2 Configuring Backup Interfaces 2 Floating Static... 17 Configure ISDN Settings 17 Configure the Aggregator and ISDN Peer Router 20 Troubleshooting 1 Getting Started 1 Before Contacting Cisco or Your Reseller 1 ADSL Troubleshooting 2 SHDSL Troubleshooting 2 ATM Troubleshooting Commands 2 ping atm interface...
Configuration Guide
Page 11
Cisco 876, Cisco 877, and Cisco 878 DSL Access Routers This preface describes the intended audience, the organization of experience. Cisco 871 Ethernet Access Router - The preface includes the following Cisco 800 series routers: • Cisco 850 Series Routers - Note We strongly recommend that allows you ... Obtaining Documentation and Submitting a Service Request Audience This guide is intended for using only the CLI. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 11 You can use the Cisco Router and Security Device Manager (SDM...
Cisco 876, Cisco 877, and Cisco 878 DSL Access Routers This preface describes the intended audience, the organization of experience. Cisco 871 Ethernet Access Router - The preface includes the following Cisco 800 series routers: • Cisco 850 Series Routers - Note We strongly recommend that allows you ... Obtaining Documentation and Submitting a Service Request Audience This guide is intended for using only the CLI. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 11 You can use the Cisco Router and Security Device Manager (SDM...
Configuration Guide
Page 12
... an IPSec Tunnel and Generic Routing Encapsulation"-Provides instructions on how to configure a VPN with a secure IP tunnel and generic routing encapsulation (GRE). • Chapter 8, "Configuring a Simple Firewall"-Provides instructions on how to configure a basic firewall on your Cisco router. • Chapter 9, "Configuring a Wireless LAN Connection"-Provides instructions on how to configure a wireless...
... an IPSec Tunnel and Generic Routing Encapsulation"-Provides instructions on how to configure a VPN with a secure IP tunnel and generic routing encapsulation (GRE). • Chapter 8, "Configuring a Simple Firewall"-Provides instructions on how to configure a basic firewall on your Cisco router. • Chapter 9, "Configuring a Wireless LAN Connection"-Provides instructions on how to configure a wireless...
Configuration Guide
Page 35
... the Ethernet-based scenarios and the Cisco 857, Cisco 876, Cisco 877, and Cisco 878 router models can pattern your Cisco username and password. and Digital Subscriber Line (DSL)-based network configurations using the Cisco 850 and Cisco 870 series access routers. The first network scenario provides ... the WAN interface with DHCP and VLANs" • Chapter 6, "Configuring a VPN Using Easy VPN and an IPSec Tunnel" OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-1 For Ethernet-Based Network Deployments Use the following configuration examples...
... the Ethernet-based scenarios and the Cisco 857, Cisco 876, Cisco 877, and Cisco 878 router models can pattern your Cisco username and password. and Digital Subscriber Line (DSL)-based network configurations using the Cisco 850 and Cisco 870 series access routers. The first network scenario provides ... the WAN interface with DHCP and VLANs" • Chapter 6, "Configuring a VPN Using Easy VPN and an IPSec Tunnel" OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-1 For Ethernet-Based Network Deployments Use the following configuration examples...
Configuration Guide
Page 36
Chapter 2 Sample Network Deployments • Chapter 7, "Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation" • Chapter 8, "Configuring a Simple Firewall" Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-2 OL-5332-01
Chapter 2 Sample Network Deployments • Chapter 7, "Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation" • Chapter 8, "Configuring a Simple Firewall" Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 2-2 OL-5332-01
Configuration Guide
Page 67
.... Cisco 850 series routers do not support Cisco Easy VPN. Site-to-site VPNs are used to connect branch offices to corporate offices, for example. CH A P T E R 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel The Cisco 870 series routers support the creation of VPNs are... supported-site-to-site and remote access. Figure 6-1 shows a typical deployment scenario. Cisco routers and other broadband devices provide high-performance connections to...
.... Cisco 850 series routers do not support Cisco Easy VPN. Site-to-site VPNs are used to connect branch offices to corporate offices, for example. CH A P T E R 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel The Cisco 870 series routers support the creation of VPNs are... supported-site-to-site and remote access. Figure 6-1 shows a typical deployment scenario. Cisco routers and other broadband devices provide high-performance connections to...
Configuration Guide
Page 68
... on the client site. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Figure 6-1 Remote Access VPN Using IPSec Tunnel 5 3 4 2 Internet 6 121782 1 1 Remote, networked users 2 VPN client-Cisco 870 series access router 3 Router-Providing the corporate office network access 4 VPN server-Easy VPN server; This protocol allows most VPN parameters, such as Easy VPN Remote nodes. Client mode is located...
... on the client site. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Figure 6-1 Remote Access VPN Using IPSec Tunnel 5 3 4 2 Internet 6 121782 1 1 Remote, networked users 2 VPN client-Cisco 870 series access router 3 Router-Providing the corporate office network access 4 VPN server-Easy VPN server; This protocol allows most VPN parameters, such as Easy VPN Remote nodes. Client mode is located...
Configuration Guide
Page 69
... VLANs" as needed to function. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-3 Note The procedures in this chapter assume that you must manually configure the IPSec VPN and Network Address Translation/Peer Address Translation (NAT/PAT...) parameters on both endpoints be configured properly to configure VPN for your router. Note The examples shown in the "Configuration Example" section on the Cisco 870 series router. Configuration Tasks Perform the following tasks to configure your application requires creation of...
... VLANs" as needed to function. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-3 Note The procedures in this chapter assume that you must manually configure the IPSec VPN and Network Address Translation/Peer Address Translation (NAT/PAT...) parameters on both endpoints be configured properly to configure VPN for your router. Note The examples shown in the "Configuration Example" section on the Cisco 870 series router. Configuration Tasks Perform the following tasks to configure your application requires creation of...
Configuration Guide
Page 70
... algorithm used in an IKE policy. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-4 OL-5332-01 The default is used in the IKE policy. Step 5 group {1 | 2 | 5} Example: Router(config-isakmp)# group 2 Router(config-isakmp)# Specifies the Diffie-Hellman ... seconds Example: Router(config-isakmp)# lifetime 480 Router(config-isakmp)# Specifies the lifetime, 60-86400 seconds, for an IKE security association (SA). The example specifies the Message Digest 5 (MD5) algorithm. Configure the IKE Policy Chapter 6 Configuring a VPN Using Easy VPN and an IPSec...
... algorithm used in an IKE policy. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-4 OL-5332-01 The default is used in the IKE policy. Step 5 group {1 | 2 | 5} Example: Router(config-isakmp)# group 2 Router(config-isakmp)# Specifies the Diffie-Hellman ... seconds Example: Router(config-isakmp)# lifetime 480 Router(config-isakmp)# Specifies the lifetime, 60-86400 seconds, for an IKE security association (SA). The example specifies the Message Digest 5 (MD5) algorithm. Configure the IKE Policy Chapter 6 Configuring a VPN Using Easy VPN and an IPSec...
Configuration Guide
Page 71
...command and additional parameters that can be downloaded to specify Windows Internet Naming Service (WINS) servers for the group. Step 2 key name Example: Router(config-isakmp-group)# key secret-password Router(config-isakmp-group)# Specifies the IKE pre-shared key for the group....DNS) server for the group by using the wins command. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-5 Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure Group Policy Information Configure Group Policy Information Perform these...
...command and additional parameters that can be downloaded to specify Windows Internet Naming Service (WINS) servers for the group. Step 2 key name Example: Router(config-isakmp-group)# key secret-password Router(config-isakmp-group)# Specifies the IKE pre-shared key for the group....DNS) server for the group by using the wins command. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-5 Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure Group Policy Information Configure Group Policy Information Perform these...
Configuration Guide
Page 72
...group policy from remote clients. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Apply Mode Configuration to the Crypto Map Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Apply Mode Configuration to the ...at login, and specifies the method used. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-6 OL-5332-01 This example uses a local authentication database. Router(config)# crypto map dynmap isakmp authorization list rtr-remote Router(config)# Step 2 crypto map tag client...
...group policy from remote clients. For details, see the Cisco IOS Security Configuration Guide and Cisco IOS Security Command Reference. Apply Mode Configuration to the Crypto Map Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Apply Mode Configuration to the ...at login, and specifies the method used. Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-6 OL-5332-01 This example uses a local authentication database. Router(config)# crypto map dynmap isakmp authorization list rtr-remote Router(config)# Step 2 crypto map tag client...
Configuration Guide
Page 73
...type encrypted-password} Example: Router(config)# username Cisco password 0 Cisco Router(config)# Establishes a username-based authentication system. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-7 ...Cisco IOS Security Command Reference. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure IPSec Transforms and Protocols Step 3 Step 4 Command or Action Purpose aaa authorization {network | exec | commands Specifies AAA authorization of all level | reverse-access | configuration} {default | network-related service...
...type encrypted-password} Example: Router(config)# username Cisco password 0 Cisco Router(config)# Establishes a username-based authentication system. OL-5332-01 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-7 ...Cisco IOS Security Command Reference. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Configure IPSec Transforms and Protocols Step 3 Step 4 Command or Action Purpose aaa authorization {network | exec | commands Specifies AAA authorization of all level | reverse-access | configuration} {default | network-related service...
Configuration Guide
Page 74
...which transform sets can be used when IPSec security associations are negotiated. Example: Router(config-crypto-map)# set transform-set vpn1 Router(config-crypto-map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-8 OL-5332-01 Perform these steps to configure the IPSec...new security associations from remote IPSec peers, even if the router does not know all the crypto map parameters (for details. Configure the IPSec Crypto Method and Parameters Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Perform these steps to specify the...
...which transform sets can be used when IPSec security associations are negotiated. Example: Router(config-crypto-map)# set transform-set vpn1 Router(config-crypto-map)# Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 6-8 OL-5332-01 Perform these steps to configure the IPSec...new security associations from remote IPSec peers, even if the router does not know all the crypto map parameters (for details. Configure the IPSec Crypto Method and Parameters Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Perform these steps to specify the...
Configuration Guide
Page 75
...Cisco IOS Security Command Reference for the interface to each interface through which you want the crypto map applied. Step 4 exit Returns to the Internet. With the default configurations, the router provides secure connectivity by encrypting the traffic sent between remote sites. Example: Router(config-crypto-map)# exit Router...1 Command or Action interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# Purpose Enters the interface configuration mode for details. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Apply the Crypto Map to...
...Cisco IOS Security Command Reference for the interface to each interface through which you want the crypto map applied. Step 4 exit Returns to the Internet. With the default configurations, the router provides secure connectivity by encrypting the traffic sent between remote sites. Example: Router(config-crypto-map)# exit Router...1 Command or Action interface type number Example: Router(config)# interface fastethernet 4 Router(config-if)# Purpose Enters the interface configuration mode for details. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Apply the Crypto Map to...
Configuration Guide
Page 76
...)# group ezvpnclient key secret-password Router(config-crypto-ezvpn)# peer {ipaddress | hostname} Example: Router(config-crypto-ezvpn)# peer 192.168.100.1 Router(config-crypto-ezvpn)# mode {client | network-extension | network extension plus} Example: Router(config-crypto-ezvpn)# mode client Router(config-crypto-ezvpn)# Purpose Creates a Cisco Easy VPN remote configuration, and enters Cisco Easy VPN remote configuration mode. Note...
...)# group ezvpnclient key secret-password Router(config-crypto-ezvpn)# peer {ipaddress | hostname} Example: Router(config-crypto-ezvpn)# peer 192.168.100.1 Router(config-crypto-ezvpn)# mode {client | network-extension | network extension plus} Example: Router(config-crypto-ezvpn)# mode client Router(config-crypto-ezvpn)# Purpose Creates a Cisco Easy VPN remote configuration, and enters Cisco Easy VPN remote configuration mode. Note...
Configuration Guide
Page 77
Step 8 exit Returns to which you want the Cisco Easy VPN remote configuration applied. Example: Router(config-crypto-ezvpn)# exit Router(config)# Verifying Your Easy VPN Configuration Router# show crypto ipsec client ezvpn Tunnel name :ezvpnclient Inside interface list:vlan 1...Example: Router(config-if)# crypto ipsec client ezvpn ezvpnclient outside Router(config-if)# Assigns the Cisco Easy VPN remote configuration to the WAN interface, causing the router to global configuration mode. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Verifying Your Easy VPN Configuration ...
Step 8 exit Returns to which you want the Cisco Easy VPN remote configuration applied. Example: Router(config-crypto-ezvpn)# exit Router(config)# Verifying Your Easy VPN Configuration Router# show crypto ipsec client ezvpn Tunnel name :ezvpnclient Inside interface list:vlan 1...Example: Router(config-if)# crypto ipsec client ezvpn ezvpnclient outside Router(config-if)# Assigns the Cisco Easy VPN remote configuration to the WAN interface, causing the router to global configuration mode. Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel Verifying Your Easy VPN Configuration ...
Configuration Guide
Page 78
... isakmp policy 1 encryption 3des authentication pre-share group 2 lifetime 480 ! Configuration Example Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 crypto isakmp client configuration group rtr-remote key secret...
... isakmp policy 1 encryption 3des authentication pre-share group 2 lifetime 480 ! Configuration Example Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel ! interface vlan 1 crypto ipsec client ezvpn ezvpnclient inside ! 6-12 Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide OL-5332-01 crypto isakmp client configuration group rtr-remote key secret...
Configuration Guide
Page 79
... OL-5332-01 The Cisco 850 and Cisco 870 series routers support the creation of VPNs are used to connect branch offices to a corporate network. with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-1 The example in to corporate offices, for NAT) 3 VPN client-Cisco 850 or Cisco 870 series access router 4 Fast Ethernet or ATM...
... OL-5332-01 The Cisco 850 and Cisco 870 series routers support the creation of VPNs are used to connect branch offices to a corporate network. with GRE Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide 7-1 The example in to corporate offices, for NAT) 3 VPN client-Cisco 850 or Cisco 870 series access router 4 Fast Ethernet or ATM...