Router as a Remote VPN Server using SDM Configuration

In this section, to provide you with the information to configure easy VPN server feature, allowing end users, you can use IPsec to communicate with any of the Cisco IOS ® VPN gateway.

Note: use the command lookup tool (for registered customers only) for more information about the commands used in this section.

Network Diagram:

This document uses this network setup:

Configuration Procedure:

Complete these steps in order to configure the Cisco router using SDM to a remote VPN server.

Select configuration >VPN> easy VPN server from home easy VPN Server Wizard window and then click Start.

Easy configuration of the VPN server must be enabled on the router before you begin AAA level. Click Yes to continue with the configuration.

'AAA displayed in the window has been enabled on the router successfully ' message. Click OK to start the easy VPN server configuration.

Click Next to start the Easy VPN Server Wizard.

Select the interface on which the client connections terminate and the authentication type.

Click next to configure the Internet key exchange (IKE) policy and use the Add button to create a new policy.

Configuration on both sides of the tunnel must match. However, the Cisco VPN client will automatically select the correct configuration for themselves. Therefore, no need any IKE configuration on the client PC.

Click next to select the default conversion settings or add new conversion settings for encryption and authentication algorithm specified. In this case, use the default set of conversions.

Click next to create a new authentication, authorization, and accounting (AAA) authorization network group policy list to find the network list is used to group or select an existing authorization.

Very easy to configure user authentication on the VPN server.

You can store more information on user authentication, such as a RADIUS server or native database located on an external server, or both. AAA login authentication method list is used to determine in which to search for the order in which user authentication for more information.

This window allows you to add, edit, clone, or delete user group policies on the local database.

Enter the tunnel group name name. Provides a pre-shared key for authentication information.

Creates a new pool or choose an existing pool used to assign IP addresses to VPN clients.

This window shows a summary of the actions you have taken. If you believe that your configuration, click Finish.

After completion, you can edit and modify the changes in the configuration, if needed.