Easy VPN Server Configuration Tasks

Easy VPN Server Configuration Tasks

The specific commands to configure the Easy VPN Server features vary, depending on the hardware platform. Other command options, such as the Auto Upgrade feature, apply to VPN Hardware Client devices only. Examples of the type of configuration tasks that need to be implemented on the VPN Server to support Easy VPN Clients include the following. The first three are required, while all others are optional.

  • Enabling Policy Lookup via AAA (required)

  • Defining Group Policy Information for Mode Configuration Push (required)

  • Applying Mode Configuration and Xauth (required)

  • Enabling Reverse Route Injection for the Client (optional)

  • Enabling IKE Dead Peer Detection (optional)

  • Configuring RADIUS Server Support (optional)

  • Verifying Easy VPN Server (optional)

In addition, the Easy VPN Server feature enables Cisco IOS routers to push new and/or enhanced VPN policy parameters to any remote access Easy VPN client (hardware or software). This feature adds support for the following functions:

  • Mode Configuration Version 6 Support—based on an IETF draft submission.

  • Xauth Version 6 Support—based on an IETF draft submission.

  • IKE Dead Peer Detection (DPD) —a new keepalive scheme.

  • Split Tunneling Control—enables clients to have intranet and Internet access at the same time, without requiring Internet access to use the VPN tunnel.

  • Initial Contact—to facilitate reestablishing lost connections.

  • Group-Based Policy Control—Policy attributes, such as IP addresses, DNS, and split tunnel access can be enabled on a per-group or per-user basis.

Part III: Virtual Private Networks (VPNs)