Configuring For Remote Vpn Client; Configuring Remote Vpn Using Cli - Motorola WS5100 Series Migration Guide


11.3.7 Configuring for Remote VPN Client

When the client initiates a connection with the VPN server on the switch, the "conversation" that occurs
between the peers consists of device authentication via Internet Key Exchange (IKE), followed by user
authentication using IKE Extended Authentication (Xauth), the push of client-related configuration (IP address,
DNS, WINS) using Mode Configuration, and IPsec security association (SA) creation. An overview of this
process is as follows:
1. The client attempts to establish an IKE SA between its public IP address and the public IP address of the
switch where the VPN server is running.
2. After the IKE SA is successfully established, and if the switch is configured for Xauth, the client waits for
a "username/password" challenge and then responds to the switch's challenge.
3. The information that is entered is checked against authentication entities (either local entries configured
on the switch or a RADIUS server).
4. If the switch indicates that authentication was successful, the client requests further configuration
parameters from the switch. The remaining system parameters (for example, IP address, DNS, WINS) are
pushed to the client at this time using Client Mode Configuration.
5. After the client has received the configuration, it negotiates an IPsec SA with the gateway using the
private address.
The configuration of client-related parameters is done using client mode configuration. This client
configuration group is then set in a crypto map entry that is assigned to an interface.

11.3.7.1 Configuring Remote VPN using CLI

The following additional CLI configurations are required for remote VPN configuration:
1. Specify the private address pool, also known as the mode-config address pool. You can also configure
address pools spanning different ranges.
WS5100(config)# ip local pool lo 192.168.0.2 hi 192.168.0.10
2. Specify the authentication type – either RADIUS or local authentication.
WS5100(config)# vpn-authentication [radius|local]
• For RADIUS authentication, you can configure up to two RADIUS servers.
WS5100(config)# aaa vpn-authentication primary 10.1.1.103 key motorola
WS5100(config)# aaa vpn-authentication secondary 10.1.1.105 key motorola123
• Create a username/password pair for each user if you use local authentication.
WS5100(config)# local username harry password motorola123
WS5100(config)# local username john password motorola234
3. Specify the DNS/WINS servers for the remote client.
WS5100(config)# crypto isakmp client configuration group default
WS5100(config-crypto-group)# dns 10.1.1.1
WS5100(config-crypto-group)# wins 10.1.1.1
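As an added example (not part of the guide or of Motorola's software), the following Python script parses the commands above as they would appear in a saved configuration and flags combinations that leave Xauth without a backend or leave clients without a usable private address. The sample configuration and the audit rules are my own assumptions about what a sensible check looks like, not rules stated in the guide.

```python
import ipaddress
import re

# Constructed input: the guide's CLI fragment as saved config (group sub-commands indented).
SAMPLE_CONFIG = """\
ip local pool lo 192.168.0.2 hi 192.168.0.10
vpn-authentication radius
aaa vpn-authentication primary 10.1.1.103 key motorola
aaa vpn-authentication secondary 10.1.1.105 key motorola123
crypto isakmp client configuration group default
 dns 10.1.1.1
 wins 10.1.1.1
"""

def parse_config(text):
    """Pick the remote-VPN settings shown in the guide out of a config dump."""
    cfg = {"pool": None, "auth": None, "radius": {}, "users": {}, "dns": None, "wins": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip local pool lo (\S+) hi (\S+)", line):
            cfg["pool"] = (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
        elif m := re.fullmatch(r"vpn-authentication (radius|local)", line):
            cfg["auth"] = m[1]
        elif m := re.fullmatch(r"aaa vpn-authentication (primary|secondary) (\S+) key (\S+)", line):
            cfg["radius"][m[1]] = (ipaddress.ip_address(m[2]), m[3])
        elif m := re.fullmatch(r"local username (\S+) password (\S+)", line):
            cfg["users"][m[1]] = m[2]
        elif m := re.fullmatch(r"(dns|wins) (\S+)", line):
            cfg[m[1]] = ipaddress.ip_address(m[2])
    return cfg

def pool_size(cfg):
    """Number of private addresses mode-config can hand out (0 if the pool is missing or empty)."""
    lo, hi = cfg["pool"] or (1, 0)  # no pool configured -> evaluates to size 0
    return max(0, int(hi) - int(lo) + 1)

def audit(cfg):
    """Return findings that would stop clients authenticating or getting an address."""
    findings = []
    if pool_size(cfg) == 0:
        findings.append("mode-config pool missing or empty: clients get no private address")
    else:
        lo, hi = cfg["pool"]
        for name in ("dns", "wins"):  # a server address inside the pool would collide with a client
            if cfg[name] is not None and int(lo) <= int(cfg[name]) <= int(hi):
                findings.append(f"{name} server {cfg[name]} lies inside the client pool")
    if cfg["auth"] == "radius" and "primary" not in cfg["radius"]:
        findings.append("RADIUS selected but no primary server configured")
    elif cfg["auth"] == "local" and not cfg["users"]:
        findings.append("local auth selected but no local username defined")
    return findings
```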
11-11
VPN
