Cisco VPN 3000 Bedienungsanleitung PDF herunterladen (Seite 1)

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

A printed version of this document is an uncontrolled copy. Company Confidential

Cisco VPN 3000 Series Concentrators

Interoperability Profile

Overview

This document describes how to configure VPN 3000 Series Concentrators to implement Scenario 1 that

the VPN Consortium specifies in “Documentation Profiles for IPSec Interoperability,”

http://www.vpnc.org/InteropProfiles/Interop-01.html.

Scenario 1 is a gateway-to-gateway configuration with pre-shared secrets for authentication.

A Gateway-to-Gateway VPN Configuration

Figure 1 depicts a typical gateway-to-gateway VPN, also called a LAN-to-LAN VPN. The sections that

follow explain how to configure Gateway A using preshared secrets.

Figure 1 Gateway-to-Gateway VPN Configuration

• Gateway A connects the internal LAN 10.5.6.0/24 to the Internet. Gateway A’s LAN or Private

interface has the address 10.5.6.1, and its WAN (Internet) or Public interface has the address

14.15.16.17.

• Gateway B connects the internal LAN 172.23.9.0/24 to the Internet. Gateway B’s WAN (Internet)

or Public interface has the address 22.23.24.25. Gateway B’s LAN or Private interface address,

172.23.9.1, can be used for testing IPSec, but is not needed for configuring Gateway A.

172.23.9.0/24

172.23.9.1

83065

Gateway A Gateway B

10.5.6.0/24

10.5.6.1

14.15.16.17 22.23.24.25

Internet

1 2 3 4 5 6 ... 24 25

Inhaltsverzeichnis

Seite 1 - Interoperability Profile

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USAA printed version of this document is an uncontrolled c

Seite 2 - Password: admin

10Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalConfiguring an IKE ProposalAn IKE proposal contains values fo

Seite 3

11Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalComplete the following steps to configure an IKE proposal.Ste

Seite 4

12Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalFigure 8 Configuration | System | Tunneling Protocols | IPSec

Seite 5 - Model 3015–3080 menu

13Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalFigure 9 VPNC IKE A to B as a New, Inactive IKE ProposalStep

Seite 6

14Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring an IKE ProposalFigure 10 VPN C IKE A to B as First-Priority, Active IKE Prop

Seite 7

15Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionConfiguring a LAN-to-LAN IPSec ConnectionWhen y

Seite 8

16Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionFigure 12 Configuration | System | Tunneling Pr

Seite 9

17Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionTable 2 explains the fields you must complete o

Seite 10 - Configuring an IKE Proposal

18Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionStep 1 In the Name field, enter a unique, descr

Seite 11

19Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring a LAN-to-LAN IPSec ConnectionFigure 13 Configuration | System | Tunneling Pr

Seite 12

2Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Gateway A VPN ConcentratorThe IKE Phase I parameters used in Scenario 1 a

Seite 13

20Cisco VPN 3000 Series Concentrators Interoperability ProfileModifying the New Security AssociationModifying the New Security AssociationThe VPN Conc

Seite 14

21Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshootingFigure 16 Configuration | Policy Management | Traffic Management | Securi

Seite 15

22Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshooting• In the IPSec | LAN-to-LAN | Add screen (see Figure 12) be sure to enter

Seite 16

23Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshootingMismatches of Preshared KeysIt is easy to mistype a preshared key at one

Seite 17

24Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshootingFigure 20 Configuration | System | Events | Classes | Add ScreenStep 2 In

Seite 18

25Cisco VPN 3000 Series Concentrators Interoperability ProfileTroubleshootingViewing the Event LogThere are several ways to view events. The following

Seite 19 - Ethernet 2 (Public)

3Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Gateway A VPN ConcentratorStep 3 The system displays the opening message

Seite 20 - Step 3 Click Modify

4Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Gateway A VPN ConcentratorThis table shows current IP addresses.Interface

Seite 21 - Troubleshooting

5Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Gateway A VPN ConcentratorStep 11 The system now has enough information s

Seite 22 - Testing Connectivity

6Cisco VPN 3000 Series Concentrators Interoperability ProfileUsing the VPN Concentrator ManagerUsing the VPN Concentrator ManagerYou can use a browser

Seite 23 - Configuring Event Classes

7Cisco VPN 3000 Series Concentrators Interoperability ProfileUsing the VPN Concentrator ManagerFigure 3 Main Welcome Screen: Quick Configuration or Ma

Seite 24

8Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Public InterfaceConfiguring the Public InterfaceNext configure the WAN in

Seite 25 - Viewing the Event Log

9Cisco VPN 3000 Series Concentrators Interoperability ProfileConfiguring the Public InterfaceFigure 6 Configuration | Interfaces | Ethernet 2 Screen |