Configurable VPN Settings on Router MC


The three main areas within VPN settings are general, hub, and spoke. The general area is where you configure failover, routing, and fragmentation policies. The hub area is where you define the inside interfaces of the hub router along with specific networks attached to the inside hub. The spoke area is where you define the inside interfaces of the spoke router along with specific networks attached to the inside spoke. Also defined on the spoke are the interfaces you will use to create the VPN tunnel to the spoke and which spoke will be used as a tunnel endpoint.

General

To configure failover, choose Configure, Settings, General and then click Failover and Routing. If you select the IKE Keepalive radio button, IKE will be used for failover. If you select the GRE radio button, a routing protocol will be used for failover. You can select either Enhanced Interior Gateway Routing Protocol (EIGRP) or Open Shortest Path First (OSPF) as the routing protocol with GRE.

To configure fragmentation, choose Configure, Settings, General and then click Fragmentation. You can select either MTU Discovery or Local MTU handling. Maximum transmission unit (MTU) discovery uses Internet Control Message Protocol (ICMP) messages to determine the end-to-end MTU size. Cisco recommends that you use MTU discovery with fragmentation.

Hub

To configure the inside interfaces that will be used on the hub router, choose Configure, Settings, Hub and then click Inside Interfaces. The Router MC uses the defined inside interfaces to create the required ACLs used with IPSec.

To configure the networks that will be used on the hub router, choose Configure, Settings, Hub and then click Networks. The networks defined on the hub router are those networks behind the inside interface that are not directly attached to the hub router's inside interface.

Spoke

To configure the inside interfaces that will be used on the spoke router, choose Configure, Settings, Spoke and then click Inside Interfaces. The Router MC uses the defined inside interfaces to create the required ACLs used with IPSec.

To configure the networks that will be used on the spoke router, click Configure, Settings, Spoke and then click Networks. The networks defined on the spoke router are those networks behind the inside interface that are not directly attached to the spoke router's inside interface.

After configuring those two items, you need to configure the VPN interface on the spoke. The VPN interface is the physical interface used for IPSec communication, and it cannot be a defined inside interface. To configure the VPN interface, click Configure, Settings, Spoke and then VPN Interface.

The hub router interface used by the spoke router for IPSec communication is defined on the spoke. The hub router interface cannot be a defined inside interface. To configure the hub assignment, click Configure, Settings, Spoke and then Hub Assignment.
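Added example, not from the book and not Router MC output: a Python sketch of how mirrored IPSec ACLs can be derived from the inside interfaces and networks defined for the hub and the spoke, enforcing the rule that the VPN interface cannot be a defined inside interface. The site dictionaries, interface names, addresses, and ACL number 101 are constructed; the configuration Router MC actually generates may differ.

```python
import ipaddress

def protected_networks(site):
    """Networks attached to the inside interfaces plus those defined behind them."""
    nets = [ipaddress.ip_interface(a).network for a in site["inside_interfaces"].values()]
    nets += [ipaddress.ip_network(n) for n in site["networks"]]
    return nets

def check_site(site):
    """The VPN interface must not be one of the defined inside interfaces."""
    if site["vpn_interface"] in site["inside_interfaces"]:
        raise ValueError(f"{site['name']}: VPN interface is also an inside interface")

def acl_lines(local, remote, number):
    """One IOS extended-ACL permit per local/remote pair, using wildcard masks."""
    return [
        f"access-list {number} permit ip {s.network_address} {s.hostmask} "
        f"{d.network_address} {d.hostmask}"
        for s in local for d in remote
    ]

def build_acls(hub, spoke, number=101):
    """Return mirrored ACLs: the spoke list is the hub list with source and destination swapped."""
    check_site(hub)
    check_site(spoke)
    hub_nets, spoke_nets = protected_networks(hub), protected_networks(spoke)
    for h in hub_nets:
        for s in spoke_nets:
            if h.overlaps(s):
                # Overlapping address space makes the protected traffic ambiguous.
                raise ValueError(f"hub {h} overlaps spoke {s}")
    return {"hub": acl_lines(hub_nets, spoke_nets, number),
            "spoke": acl_lines(spoke_nets, hub_nets, number)}

# Constructed sample sites (hypothetical names and addresses).
HUB = {"name": "hub", "vpn_interface": "Serial0/0",
       "inside_interfaces": {"FastEthernet0/0": "10.1.1.1/24"},
       "networks": ["10.1.16.0/20"]}  # behind the inside interface, not attached
SPOKE = {"name": "spoke", "vpn_interface": "Serial0",
         "inside_interfaces": {"Ethernet0": "10.2.1.1/24"},
         "networks": []}

if __name__ == "__main__":
    for role, lines in build_acls(HUB, SPOKE).items():
        print(f"! {role}")
        print("\n".join(lines))
```

A mismatch between the two lists (a network defined on one side only) means traffic for that network is not matched for protection by IPSec, which is why both the attached and the non-attached inside networks are defined on each router.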



CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
