Contents

Traffic to Protect 13
Summary of the Configuration 14
Spoke Configuration 15
Secure GRE Tunnel (GRE-over-IPSec) 16
GRE Tunnel Information 16
VPN Authentication Information 17
Backup GRE Tunnel Information 18
Routing Information 19
Static Routing Information 20
Select Routing Protocol 22
Summary of Configuration 23
Edit Site-to-Site VPN 23
Add new connection 26
Add Additional Crypto Maps 26
Crypto Map Wizard: Welcome 27
Crypto Map Wizard: Summary of the configuration 28
Delete Connection 28
Ping 29
Generate Mirror... 29
Cisco SDM Warning: NAT Rules with ACL 30
How Do I... 31
How Do I Create a VPN to More Than One Site? 31
After Configuring a VPN, How Do I Configure the VPN on the Peer Router? 33
How Do I Edit an Existing VPN Tunnel? 34
How Do I Confirm That My VPN Is Working? 35
How Do I Configure a Backup Peer for My VPN? 36
How Do I Accommodate Multiple Devices with Different Levels of VPN
Support? 36
How Do I Configure a VPN on an Unsupported Interface? 37
How Do I Configure a VPN After I Have Configured a Firewall? 38

Cisco Router and Security Device Manager 2.4 User’s Guide

x OL-4015-10
 Contents

How Do I Configure NAT Passthrough for a VPN? 38

Easy VPN Remote 1

Create Easy VPN Remote 1
Configure an Easy VPN Remote Client 1
Server Information 2
Authentication 3
Interfaces and Connection Settings 5
Summary of Configuration 6
Edit Easy VPN Remote 7
Add or Edit Easy VPN Remote 13
Add or Edit Easy VPN Remote: Easy VPN Settings 15
Add or Edit Easy VPN Remote: Authentication Information 18
Enter SSH Credentials 19
XAuth Login Window 20
Add or Edit Easy VPN Remote: General Settings 20
Network Extension Options 22
Add or Edit Easy VPN Remote: Authentication Information 22
Add or Edit Easy VPN Remote: Interfaces and Connections 24
How Do I... 26
How Do I Edit an Existing Easy VPN Connection? 26
How Do I Configure a Backup for an Easy VPN Connection? 26

Easy VPN Server 1

Create an Easy VPN Server 1
Welcome to the Easy VPN Server Wizard 2
Interface and Authentication 2
Group Authorization and Group Policy Lookup 3
User Authentication (XAuth) 4
User Accounts for XAuth 5
Add RADIUS Server 5

Cisco Router and Security Device Manager 2.4 User’s Guide

OL-4015-10 xi
Contents

Group Authorization: User Group Policies 6

General Group Information 7
DNS and WINS Configuration 9
Split Tunneling 9
Client Settings 11
Choose Browser Proxy Settings 14
Add or Edit Browser Proxy Settings 14
User Authentication (XAuth) 16
Client Update 17
Add or Edit Client Update Entry 18
Summary 19
Browser Proxy Settings 20
Add or Edit Easy VPN Server 21
Add or Edit Easy VPN Server Connection 23
Restrict Access 24
Group Policies Configuration 24
IP Pools 27
Add or Edit IP Local Pool 28
Add IP Address Range 28

Enhanced Easy VPN 1

Interface and Authentication 1
RADIUS Servers 2
Group Authorization and Group User Policies 4
Add or Edit Easy VPN Server: General Tab 4
Add or Edit Easy VPN Server: IKE Tab 5
Add or Edit Easy VPN Server: IPSec Tab 6
Create Virtual Tunnel Interface 8

Cisco Router and Security Device Manager 2.4 User’s Guide

xii OL-4015-10
 Contents

DMVPN 1
Dynamic Multipoint VPN 1
Dynamic Multipoint VPN (DMVPN) Hub Wizard 2
Type of Hub 3
Configure Pre-Shared Key 3
Hub GRE Tunnel Interface Configuration 4
Advanced Configuration for the Tunnel Interface 5
Primary Hub 6
Select Routing Protocol 7
Routing Information 7
Dynamic Multipoint VPN (DMVPN) Spoke Wizard 9
DMVPN Network Topology 9
Specify Hub Information 10
Spoke GRE Tunnel Interface Configuration 10
Cisco SDM Warning: DMVPN Dependency 11
Edit Dynamic Multipoint VPN (DMVPN) 12
General Panel 14
NHRP Panel 15
NHRP Map Configuration 16
Routing Panel 17
How Do I Configure a DMVPN Manually? 19

VPN Global Settings 1

VPN Global Settings 1
VPN Global Settings: IKE 3
VPN Global Settings: IPSec 4
VPN Key Encryption Settings 5

IP Security 1
IPSec Policies 1

Cisco Router and Security Device Manager 2.4 User’s Guide

OL-4015-10 xiii
Contents

Add or Edit IPSec Policy 3

Add or Edit Crypto Map: General 5
Add or Edit Crypto Map: Peer Information 6
Add or Edit Crypto Map: Transform Sets 7
Add or Edit Crypto Map: Protecting Traffic 9
Dynamic Crypto Map Sets 11
Add or Edit Dynamic Crypto Map Set 11
Associate Crypto Map with this IPSec Policy 12
IPSec Profiles 12
Add or Edit IPSec Profile 13
Add or Edit IPSec Profile and Add Dynamic Crypto Map 14
Transform Set 15
Add or Edit Transform Set 18
IPSec Rules 20

Internet Key Exchange 1

Internet Key Exchange (IKE) 1
IKE Policies 2
Add or Edit IKE Policy 4
IKE Pre-shared Keys 6
Add or Edit Pre Shared Key 7
IKE Profiles 8
Add or Edit an IKE Profile 9

Public Key Infrastructure 1

Certificate Wizards 1
Welcome to the SCEP Wizard 2
Certificate Authority (CA) Information 3
Advanced Options 4
Certificate Subject Name Attributes 4

Cisco Router and Security Device Manager 2.4 User’s Guide

xiv OL-4015-10
 Contents

Other Subject Attributes 6

RSA Keys 7
Summary 8
CA Server Certificate 9
Enrollment Status 9
Cut and Paste Wizard Welcome 9
Enrollment Task 10
Enrollment Request 10
Continue with Unfinished Enrollment 11
Import CA certificate 12
Import Router Certificate(s) 12
Digital Certificates 13
Trustpoint Information 15
Certificate Details 15
Revocation Check 15
Revocation Check, CRL Only 16
RSA Keys Window 16
Generate RSA Key Pair 17
USB Token Credentials 18
USB Tokens 19
Add or Edit USB Token 20
Open Firewall 22
Open Firewall Details 23

Certificate Authority Server 1

Create CA Server 1
Prerequisite Tasks for PKI Configurations 2
CA Server Wizard: Welcome 3
CA Server Wizard: Certificate Authority Information 3

Cisco Router and Security Device Manager 2.4 User’s Guide

OL-4015-10 xv