Cisco Security Appliance Command Line Configuration Guide, OL-10088-02
Chapter 31: Configuring IP Addresses for VPNs
This chapter describes IP address assignment methods.
IP addresses make internetwork connections possible. They are like telephone numbers: both the sender
and receiver must have an assigned number to connect. But with VPNs, there are actually two sets of
addresses: the first set connects client and server on the public network. Once that connection is made,
the second set connects client and server through the VPN tunnel.
In security appliance address management, we are dealing with the second set of IP addresses: those
private IP addresses that connect a client with a resource on the private network, through the tunnel, and
let the client function as if it were directly connected to the private network. Furthermore, we are dealing
only with the private IP addresses that get assigned to clients. The IP addresses assigned to other
resources on your private network are part of your network administration responsibilities, not part of
VPN management. Therefore, when we discuss IP addresses here, we mean those IP addresses available
in your private network addressing scheme that let the client function as a tunnel endpoint.
This chapter includes the following sections:
• Configuring an IP Address Assignment Method
• Configuring Local IP Address Pools
• Configuring AAA Addressing
• Configuring DHCP Addressing
Configuring an IP Address Assignment Method
The security appliance can use one or more of the following methods for assigning IP addresses to
remote access clients. If you configure more than one address assignment method, the security appliance
searches each of the options until it finds an IP address. By default, all methods are enabled. To view the
current configuration, enter the show running-config all vpn-addr-assign command.
• aaa—Retrieves addresses from an external authentication server on a per-user basis. If you are using
an authentication server that has IP addresses configured, we recommend using this method.
• dhcp—Obtains IP addresses from a DHCP server. If you want to use DHCP, you must configure a
DHCP server. You must also define the range of IP addresses that the DHCP server can use.
• local—Uses an internal address pool. Internally configured address pools are the easiest method of
address pool assignment to configure. If you choose local, you must also use the ip local pool
command to define the range of IP addresses to use.
To specify a method for assigning IP addresses to remote access clients, enter the vpn-addr-assign
command in global configuration mode. The syntax is vpn-addr-assign {aaa | dhcp | local}.
Configuring Local IP Address Pools
To configure IP address pools to use for VPN remote access tunnels, enter the ip local pool command
in global configuration mode. To delete address pools, enter the no form of this command.
The security appliance uses address pools based on the tunnel group for the connection. If you configure
more than one address pool for a tunnel group, the security appliance uses them in the order in which
they are configured.
If you assign addresses from a non-local subnet, we suggest that you add pools that fall on subnet
boundaries to make adding routes for these networks easier.
A summary of the configuration of local address pools follows:
hostname(config)# vpn-addr-assign local
hostname(config)# ip local pool firstpool 10.20.30.40-10.20.30.50 mask 255.255.255.0
hostname(config)#
Step 1 To configure IP address pools as the address assignment method, enter the vpn-addr-assign command
with the local argument:
hostname(config)# vpn-addr-assign local
hostname(config)#
Step 2 To configure an address pool, enter the ip local pool command. The syntax is ip local pool poolname
first-address-last-address mask mask.
The following example configures an IP address pool named firstpool. The starting address is
10.20.30.40 and the ending address is 10.20.30.50. The network mask is 255.255.255.0.
hostname(config)# ip local pool firstpool 10.20.30.40-10.20.30.50 mask 255.255.255.0
hostname(config)#
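The subnet-boundary advice above can be checked before a pool is deployed. The following Python sketch is an added example, not part of the Cisco guide: it parses an ip local pool command in the form shown in Step 2, verifies that the range stays inside the subnet given by the mask, and lists the CIDR routes needed to cover the range exactly. The function names and the pools alignedpool and widepool are hypothetical.

```python
import ipaddress
import re

# Optional CLI prompt such as "hostname(config)# " in front of the command.
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")

# Command form from Step 2:
#   ip local pool <poolname> <first-address>-<last-address> mask <mask>
POOL_RE = re.compile(
    r"^ip local pool (?P<name>\S+) "
    r"(?P<first>\d+\.\d+\.\d+\.\d+)-(?P<last>\d+\.\d+\.\d+\.\d+)"
    r"(?: mask (?P<mask>\d+\.\d+\.\d+\.\d+))?\s*$"
)


def parse_pool(line):
    """Parse one 'ip local pool' line into name, first, last and network."""
    m = POOL_RE.match(PROMPT_RE.sub("", line.strip()))
    if not m:
        raise ValueError(f"not an ip local pool command: {line!r}")
    first = ipaddress.IPv4Address(m["first"])
    last = ipaddress.IPv4Address(m["last"])
    if last < first:
        raise ValueError("last-address is lower than first-address")
    network = None
    if m["mask"]:
        # strict=False because first-address is a host address, not the network address
        network = ipaddress.IPv4Network(f"{first}/{m['mask']}", strict=False)
    return {"name": m["name"], "first": first, "last": last, "network": network}


def covering_routes(pool):
    """Smallest list of CIDR prefixes that covers exactly the pool range."""
    return list(ipaddress.summarize_address_range(pool["first"], pool["last"]))


def check_pool(line):
    """Return (pool, routes, findings) for one 'ip local pool' command."""
    pool = parse_pool(line)
    routes = covering_routes(pool)
    findings = []
    if pool["network"] is not None and pool["last"] not in pool["network"]:
        findings.append("range extends beyond the subnet given by mask")
    if len(routes) > 1:
        findings.append(
            f"range is not a single CIDR block; exact coverage needs {len(routes)} routes"
        )
    return pool, routes, findings


if __name__ == "__main__":
    commands = [
        # pool from the chapter's example
        "hostname(config)# ip local pool firstpool 10.20.30.40-10.20.30.50 mask 255.255.255.0",
        # constructed pools for comparison (hypothetical names)
        "ip local pool alignedpool 10.20.30.32-10.20.30.47 mask 255.255.255.0",
        "ip local pool widepool 10.20.30.250-10.20.31.5 mask 255.255.255.0",
    ]
    for cmd in commands:
        pool, routes, findings = check_pool(cmd)
        print(pool["name"], [str(r) for r in routes], findings or "ok")
```

A pool that covers exactly one CIDR block needs a single route on upstream devices and a single network object in access rules, which keeps the address space that VPN clients can occupy easy to reason about.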
Configuring AAA Addressing
To use a AAA server to assign addresses for VPN remote access clients, you must first configure a AAA
server or server group. See the aaa-server protocol command in the Cisco Security Appliance Command
Reference and “Identifying AAA Server Groups and Servers,” in Chapter 13, “Configuring AAA Servers
and the Local Database” of this guide.
In addition, the user must match a tunnel group configured for RADIUS authentication.
The following examples illustrate how to define a AAA server group called RAD2 for the tunnel group
named firstgroup. They include one more step than is necessary, because you might already have named
the tunnel group and defined the tunnel group type. This step appears in the following example as a
reminder that you have no access to subsequent tunnel-group commands until you set these values.
An overview of the configuration that these examples create follows:
hostname(config)# vpn-addr-assign aaa
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# authentication-server-group RAD2
To configure AAA for IP addressing, perform the following steps:
Step 1 To configure AAA as the address assignment method, enter the vpn-addr-assign command with the aaa
argument:
hostname(config)# vpn-addr-assign aaa
hostname(config)#
Step 2 To establish the tunnel group called firstgroup as a remote access or LAN-to-LAN tunnel group, enter
the tunnel-group command with the type keyword. The following example configures a remote access
tunnel group.
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)#
Step 3 To enter general-attributes configuration mode, which lets you define a AAA server group for the tunnel
group called firstgroup, enter the tunnel-group command with the general-attributes argument.
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)#
Step 4 To specify the AAA server group to use for authentication, enter the authentication-server-group
command.
hostname(config-general)# authentication-server-group RAD2
hostname(config-general)#
This command has more arguments than this example includes. For more information, see the Cisco
Security Appliance Command Reference.
Configuring DHCP Addressing
To use DHCP to assign addresses for VPN clients, you must first configure a DHCP server and the range
of IP addresses that the DHCP server can use. Then you define the DHCP server on a tunnel group basis.
Optionally, you can also define a DHCP network scope in the group policy associated with the tunnel
group or username. This is either an IP network number or an IP address that identifies to the DHCP
server which pool of IP addresses to use.
The following examples define the DHCP server at IP address 172.33.44.19 for the tunnel group named
firstgroup. They also define a DHCP network scope of 192.86.0.0 for the group policy called
remotegroup. (The group policy called remotegroup is associated with the tunnel group called
firstgroup). If you do not define a network scope, the DHCP server assigns IP addresses in the order of
the address pools configured. It goes through the pools until it identifies an unassigned address.
The following configuration includes more steps than are necessary, in that previously you might have
named and defined the tunnel group type as remote access, and named and identified the group policy
as internal or external. These steps appear in the following examples as a reminder that you have no
access to subsequent tunnel-group and group-policy commands until you set these values.
A summary of the configuration that these examples create follows:
hostname(config)# vpn-addr-assign dhcp
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)# exit
hostname(config)# group-policy remotegroup internal
hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)# dhcp-network-scope 192.86.0.0
To define a DHCP server for IP addressing, perform the following steps.
Step 1 To configure DHCP as the address assignment method, enter the vpn-addr-assign command with the
dhcp argument:
hostname(config)# vpn-addr-assign dhcp
hostname(config)#
Step 2 To establish the tunnel group called firstgroup as a remote access or LAN-to-LAN tunnel group, enter
the tunnel-group command with the type keyword. The following example configures a remote access
tunnel group.
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)#
Step 3 To enter general-attributes configuration mode, which lets you configure a DHCP server, enter the
tunnel-group command with the general-attributes argument.
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)#
Step 4 To define the DHCP server, enter the dhcp-server command. The following example configures a DHCP
server at IP address 172.33.44.19.
hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)#
Step 5 Exit tunnel-group mode.
hostname(config-general)# exit
hostname(config)#
Step 6 To define the group policy called remotegroup as an internally or externally configured group, enter the
group-policy command with the internal or external argument. The following example configures an
internal group.
hostname(config)# group-policy remotegroup internal
hostname(config)#
Step 7 (Optional) To enter group-policy attributes configuration mode, which lets you configure a subnetwork
of IP addresses for the DHCP server to use, enter the group-policy command with the attributes
keyword.
hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)#
Step 8 (Optional) To specify the range of IP addresses the DHCP server should use to assign addresses to users
of the group policy called remotegroup, enter the dhcp-network-scope command. The following example
configures a network scope of 192.86.0.0.
hostname(config-group-policy)# dhcp-network-scope 192.86.0.0
hostname(config-group-policy)#
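Because all three assignment methods are enabled by default and the appliance tries each one until it finds an address, it is worth confirming that every enabled method is one you actually configured. The following Python sketch is an added example, not part of the Cisco guide: it reads running-config text and reports methods that are enabled but have none of the supporting commands described in this chapter. The sample configuration is constructed, the function names are hypothetical, and the sketch assumes a method is disabled with the no form of vpn-addr-assign and that tunnel-group subcommands appear indented under their tunnel-group line.

```python
import re

METHODS = ("aaa", "dhcp", "local")

# Constructed sample in running-config layout (not captured from a device).
# DHCP is left enabled but no tunnel group defines a dhcp-server.
SAMPLE_CONFIG = """\
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local
ip local pool firstpool 10.20.30.40-10.20.30.50 mask 255.255.255.0
tunnel-group firstgroup type ipsec-ra
tunnel-group firstgroup general-attributes
 authentication-server-group RAD2
"""


def enabled_methods(config):
    """Return the set of enabled methods; all three are enabled by default."""
    enabled = set(METHODS)
    for line in config.splitlines():
        m = re.match(r"^(no )?vpn-addr-assign (aaa|dhcp|local)\s*$", line)
        if m:
            if m.group(1):
                enabled.discard(m.group(2))
            else:
                enabled.add(m.group(2))
    return enabled


def backing_config(config):
    """Map each method to the pools or tunnel groups that support it."""
    found = {method: [] for method in METHODS}
    group = None  # tunnel group whose general-attributes block we are inside
    for line in config.splitlines():
        if not line.startswith(" "):
            # A top-level line ends any open general-attributes block.
            m = re.match(r"^tunnel-group (\S+) general-attributes\s*$", line)
            group = m.group(1) if m else None
            pool = re.match(r"^ip local pool (\S+) ", line)
            if pool:
                found["local"].append(pool.group(1))
            continue
        if group is None:
            continue
        sub = line.strip()
        if sub.startswith("dhcp-server "):
            found["dhcp"].append(group)
        elif sub.startswith("authentication-server-group "):
            found["aaa"].append(group)
    return found


def audit(config):
    """Per method: whether it is enabled and what configuration backs it."""
    enabled = enabled_methods(config)
    found = backing_config(config)
    return {m: {"enabled": m in enabled, "backed_by": found[m]} for m in METHODS}


def unbacked(config):
    """Methods that are enabled but have no supporting configuration."""
    report = audit(config)
    return sorted(m for m, r in report.items() if r["enabled"] and not r["backed_by"])


if __name__ == "__main__":
    for method, result in audit(SAMPLE_CONFIG).items():
        print(method, result)
    print("enabled without supporting config:", unbacked(SAMPLE_CONFIG))
```

Methods reported by unbacked() are candidates for disabling so that address assignment can only come from sources you manage.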

Contenu connexe

Tendances

Tendances (20)

Basics about IP address, DNS and DHCP.
Basics about IP address, DNS and DHCP.Basics about IP address, DNS and DHCP.
Basics about IP address, DNS and DHCP.
 
Dhcp
DhcpDhcp
Dhcp
 
DHCP (dynamic host configuration protocol)
DHCP (dynamic host configuration protocol)DHCP (dynamic host configuration protocol)
DHCP (dynamic host configuration protocol)
 
Lesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol ALesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol A
 
Dhcp ppt
Dhcp pptDhcp ppt
Dhcp ppt
 
Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
 
Dhcp snooping option 82 configuration
Dhcp snooping option 82 configurationDhcp snooping option 82 configuration
Dhcp snooping option 82 configuration
 
DHCP
DHCPDHCP
DHCP
 
Linux05 DHCP Server
Linux05 DHCP ServerLinux05 DHCP Server
Linux05 DHCP Server
 
unit 2
unit 2unit 2
unit 2
 
dynamic host configuration protocol
dynamic host configuration protocoldynamic host configuration protocol
dynamic host configuration protocol
 
Networking DHCP server Setup Reports
Networking DHCP server Setup ReportsNetworking DHCP server Setup Reports
Networking DHCP server Setup Reports
 
Dhcp
DhcpDhcp
Dhcp
 
Dhcp presentation
Dhcp presentationDhcp presentation
Dhcp presentation
 
Dhcp
DhcpDhcp
Dhcp
 
DHCP Protocol
DHCP ProtocolDHCP Protocol
DHCP Protocol
 
Configurar dhcp en router cisco
Configurar dhcp en router ciscoConfigurar dhcp en router cisco
Configurar dhcp en router cisco
 
DNS, DHCP Configuration
DNS, DHCP Configuration DNS, DHCP Configuration
DNS, DHCP Configuration
 
DHCP
DHCPDHCP
DHCP
 
DHCP Server & Client Presentation
DHCP Server & Client PresentationDHCP Server & Client Presentation
DHCP Server & Client Presentation
 

En vedette

EFEK RUMAH KACA
EFEK RUMAH KACAEFEK RUMAH KACA
EFEK RUMAH KACA
Ziadatul M
 
"Войди в картину". К 170-летию В. Паленова
"Войди в картину". К 170-летию В. Паленова"Войди в картину". К 170-летию В. Паленова
"Войди в картину". К 170-летию В. Паленова
Biblioteka-22
 
Uttara foods and feeds (bd) ltd
Uttara foods and feeds (bd) ltdUttara foods and feeds (bd) ltd
Uttara foods and feeds (bd) ltd
imran ali
 
Фантастические композиции С. Дали. К 110-летию испанского живописца Сальвад...
Фантастические композиции С. Дали. К 110-летию  испанского живописца Сальвад...Фантастические композиции С. Дали. К 110-летию  испанского живописца Сальвад...
Фантастические композиции С. Дали. К 110-летию испанского живописца Сальвад...
Biblioteka-22
 

En vedette (15)

EFEK RUMAH KACA
EFEK RUMAH KACAEFEK RUMAH KACA
EFEK RUMAH KACA
 
ПНИПУ
ПНИПУПНИПУ
ПНИПУ
 
Efek Rumah Kaca
Efek Rumah KacaEfek Rumah Kaca
Efek Rumah Kaca
 
"Войди в картину". К 170-летию В. Паленова
"Войди в картину". К 170-летию В. Паленова"Войди в картину". К 170-летию В. Паленова
"Войди в картину". К 170-летию В. Паленова
 
Uttara foods and feeds (bd) ltd
Uttara foods and feeds (bd) ltdUttara foods and feeds (bd) ltd
Uttara foods and feeds (bd) ltd
 
Flipbook
FlipbookFlipbook
Flipbook
 
"В пространстве полусвета". К 180-летию Эдгара Дэга
"В пространстве полусвета". К 180-летию Эдгара Дэга"В пространстве полусвета". К 180-летию Эдгара Дэга
"В пространстве полусвета". К 180-летию Эдгара Дэга
 
UU Erfaringer fra UDI
UU Erfaringer fra UDIUU Erfaringer fra UDI
UU Erfaringer fra UDI
 
"Не угаснет свет его таланта"
"Не угаснет свет его таланта""Не угаснет свет его таланта"
"Не угаснет свет его таланта"
 
Поэзия обыденного. Серов В. А.
Поэзия обыденного. Серов В. А.Поэзия обыденного. Серов В. А.
Поэзия обыденного. Серов В. А.
 
GEOMETRI PENGUKURA
GEOMETRI PENGUKURAGEOMETRI PENGUKURA
GEOMETRI PENGUKURA
 
Фантастические композиции С. Дали. К 110-летию испанского живописца Сальвад...
Фантастические композиции С. Дали. К 110-летию  испанского живописца Сальвад...Фантастические композиции С. Дали. К 110-летию  испанского живописца Сальвад...
Фантастические композиции С. Дали. К 110-летию испанского живописца Сальвад...
 
Emergency Medical Technician Wage
Emergency Medical Technician WageEmergency Medical Technician Wage
Emergency Medical Technician Wage
 
HIGHWAY ppt BY SHASHI SHEKHAR DBGI
HIGHWAY  ppt BY SHASHI SHEKHAR DBGIHIGHWAY  ppt BY SHASHI SHEKHAR DBGI
HIGHWAY ppt BY SHASHI SHEKHAR DBGI
 
automobile workshop ppt Traning report by c rang rajan and sudhir kumar
automobile workshop ppt Traning report by c rang rajan and sudhir kumarautomobile workshop ppt Traning report by c rang rajan and sudhir kumar
automobile workshop ppt Traning report by c rang rajan and sudhir kumar
 

Similaire à Vpn addind technique

CCNA Network Services
CCNA Network ServicesCCNA Network Services
CCNA Network Services
Dsunte Wilson
 
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docxINFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
carliotwaycave
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
mmoizuddin
 
Arp Dan Ipconfig Syntax
Arp Dan Ipconfig  SyntaxArp Dan Ipconfig  Syntax
Arp Dan Ipconfig Syntax
guestcc37e8c
 
Pmw2 k3ni 1-2a
Pmw2 k3ni 1-2aPmw2 k3ni 1-2a
Pmw2 k3ni 1-2a
hariclant1
 

Similaire à Vpn addind technique (20)

Lan to lan vpn
Lan to lan vpnLan to lan vpn
Lan to lan vpn
 
Network configuration
Network configurationNetwork configuration
Network configuration
 
Dhcp commandas
Dhcp commandasDhcp commandas
Dhcp commandas
 
Cisco asa firewall command line technical guide
Cisco asa firewall command line technical guideCisco asa firewall command line technical guide
Cisco asa firewall command line technical guide
 
CCNA Network Services
CCNA Network ServicesCCNA Network Services
CCNA Network Services
 
DHCP(In_Linux).pptx
DHCP(In_Linux).pptxDHCP(In_Linux).pptx
DHCP(In_Linux).pptx
 
Dhcp confg
Dhcp confgDhcp confg
Dhcp confg
 
Lession4 Dhcp
Lession4 DhcpLession4 Dhcp
Lession4 Dhcp
 
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docxINFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
 
Applications.docx
Applications.docxApplications.docx
Applications.docx
 
P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.P&G BT Global Services - LLD Final Revision Year 2008.
P&G BT Global Services - LLD Final Revision Year 2008.
 
net work iTM3
net work iTM3net work iTM3
net work iTM3
 
Arp Dan Ipconfig Syntax
Arp Dan Ipconfig  SyntaxArp Dan Ipconfig  Syntax
Arp Dan Ipconfig Syntax
 
Pmw2 k3ni 1-2a
Pmw2 k3ni 1-2aPmw2 k3ni 1-2a
Pmw2 k3ni 1-2a
 
[Advantech] ADAM-3600 open vpn setting Tutorial step by step
[Advantech] ADAM-3600 open vpn setting Tutorial step by step [Advantech] ADAM-3600 open vpn setting Tutorial step by step
[Advantech] ADAM-3600 open vpn setting Tutorial step by step
 
AWS VPN with Juniper SRX- Lab Sheet
AWS VPN with Juniper SRX- Lab SheetAWS VPN with Juniper SRX- Lab Sheet
AWS VPN with Juniper SRX- Lab Sheet
 
PPPoE With Mikrotik and Radius
PPPoE With Mikrotik and RadiusPPPoE With Mikrotik and Radius
PPPoE With Mikrotik and Radius
 
Improved secure address resolution protocol
Improved secure address resolution protocolImproved secure address resolution protocol
Improved secure address resolution protocol
 
configure a DHCP server on Fedora.pdf
configure a DHCP server on Fedora.pdfconfigure a DHCP server on Fedora.pdf
configure a DHCP server on Fedora.pdf
 

Dernier

Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
amitlee9823
 
➥🔝 7737669865 🔝▻ Vijayawada Call-girls in Women Seeking Men 🔝Vijayawada🔝 E...
➥🔝 7737669865 🔝▻ Vijayawada Call-girls in Women Seeking Men  🔝Vijayawada🔝   E...➥🔝 7737669865 🔝▻ Vijayawada Call-girls in Women Seeking Men  🔝Vijayawada🔝   E...
➥🔝 7737669865 🔝▻ Vijayawada Call-girls in Women Seeking Men 🔝Vijayawada🔝 E...
amitlee9823
 
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
CHEAP Call Girls in Mayapuri (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Mayapuri  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Mayapuri  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Mayapuri (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
一比一定(购)新西兰林肯大学毕业证(Lincoln毕业证)成绩单学位证
一比一定(购)新西兰林肯大学毕业证(Lincoln毕业证)成绩单学位证一比一定(购)新西兰林肯大学毕业证(Lincoln毕业证)成绩单学位证
一比一定(购)新西兰林肯大学毕业证(Lincoln毕业证)成绩单学位证
wpkuukw
 
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
amitlee9823
 
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Naicy mandal
 
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Hauz Quazi  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Hauz Quazi  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
amitlee9823
 
➥🔝 7737669865 🔝▻ Deoghar Call-girls in Women Seeking Men 🔝Deoghar🔝 Escorts...
➥🔝 7737669865 🔝▻ Deoghar Call-girls in Women Seeking Men  🔝Deoghar🔝   Escorts...➥🔝 7737669865 🔝▻ Deoghar Call-girls in Women Seeking Men  🔝Deoghar🔝   Escorts...
➥🔝 7737669865 🔝▻ Deoghar Call-girls in Women Seeking Men 🔝Deoghar🔝 Escorts...
amitlee9823
 
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
motiram463
 
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
ehyxf
 

Dernier (20)

Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
Vip Mumbai Call Girls Andheri East Call On 9920725232 With Body to body massa...
 
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...
 
➥🔝 7737669865 🔝▻ Vijayawada Call-girls in Women Seeking Men 🔝Vijayawada🔝 E...
➥🔝 7737669865 🔝▻ Vijayawada Call-girls in Women Seeking Men  🔝Vijayawada🔝   E...➥🔝 7737669865 🔝▻ Vijayawada Call-girls in Women Seeking Men  🔝Vijayawada🔝   E...
➥🔝 7737669865 🔝▻ Vijayawada Call-girls in Women Seeking Men 🔝Vijayawada🔝 E...
 
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated  Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...Top Rated  Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
Top Rated Pune Call Girls Katraj ⟟ 6297143586 ⟟ Call Me For Genuine Sex Serv...
 
Call Girls in Vashi Escorts Services - 7738631006
Call Girls in Vashi Escorts Services - 7738631006Call Girls in Vashi Escorts Services - 7738631006
Call Girls in Vashi Escorts Services - 7738631006
 
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Bommasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...
Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...
Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...
 
Pooja 9892124323, Call girls Services and Mumbai Escort Service Near Hotel Th...
Pooja 9892124323, Call girls Services and Mumbai Escort Service Near Hotel Th...Pooja 9892124323, Call girls Services and Mumbai Escort Service Near Hotel Th...
Pooja 9892124323, Call girls Services and Mumbai Escort Service Near Hotel Th...
 
CHEAP Call Girls in Mayapuri (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Mayapuri  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Mayapuri  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Mayapuri (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
一比一定(购)新西兰林肯大学毕业证(Lincoln毕业证)成绩单学位证
一比一定(购)新西兰林肯大学毕业证(Lincoln毕业证)成绩单学位证一比一定(购)新西兰林肯大学毕业证(Lincoln毕业证)成绩单学位证
一比一定(购)新西兰林肯大学毕业证(Lincoln毕业证)成绩单学位证
 
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
Kothanur Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Bang...
 
Call Girls Kothrud Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Kothrud Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Kothrud Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Kothrud Call Me 7737669865 Budget Friendly No Advance Booking
 
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
Makarba ( Call Girls ) Ahmedabad ✔ 6297143586 ✔ Hot Model With Sexy Bhabi Rea...
 
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Hauz Quazi  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Hauz Quazi  (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Hauz Quazi (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
SM-N975F esquematico completo - reparación.pdf
SM-N975F esquematico completo - reparación.pdfSM-N975F esquematico completo - reparación.pdf
SM-N975F esquematico completo - reparación.pdf
 
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
Call Girls Banashankari Just Call 👗 7737669865 👗 Top Class Call Girl Service ...
 
➥🔝 7737669865 🔝▻ Deoghar Call-girls in Women Seeking Men 🔝Deoghar🔝 Escorts...
➥🔝 7737669865 🔝▻ Deoghar Call-girls in Women Seeking Men  🔝Deoghar🔝   Escorts...➥🔝 7737669865 🔝▻ Deoghar Call-girls in Women Seeking Men  🔝Deoghar🔝   Escorts...
➥🔝 7737669865 🔝▻ Deoghar Call-girls in Women Seeking Men 🔝Deoghar🔝 Escorts...
 
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
(👉Ridhima)👉VIP Model Call Girls Mulund ( Mumbai) Call ON 9967824496 Starting ...
 
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
怎样办理圣芭芭拉分校毕业证(UCSB毕业证书)成绩单留信认证
 
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...
9892124323 Pooja Nehwal Call Girls Services Call Girls service in Santacruz A...
 

Vpn addind technique

  • 1. C H A P T E R 31-1 Cisco Security Appliance Command Line Configuration Guide OL-10088-02 31 Configuring IP Addresses for VPNs This chapter describes IP address assignment methods. IP addresses make internetwork connections possible. They are like telephone numbers: both the sender and receiver must have an assigned number to connect. But with VPNs, there are actually two sets of addresses: the first set connects client and server on the public network. Once that connection is made, the second set connects client and server through the VPN tunnel. In security appliance address management, we are dealing with the second set of IP addresses: those private IP addresses that connect a client with a resource on the private network, through the tunnel, and let the client function as if it were directly connected to the private network. Furthermore, we are dealing only with the private IP addresses that get assigned to clients. The IP addresses assigned to other resources on your private network are part of your network administration responsibilities, not part of VPN management. Therefore, when we discuss IP addresses here, we mean those IP addresses available in your private network addressing scheme that let the client function as a tunnel endpoint. This chapter includes the following sections: • Configuring an IP Address Assignment Method, page 31-1 • Configuring Local IP Address Pools, page 31-2 • Configuring AAA Addressing, page 31-2 • Configuring DHCP Addressing, page 31-3 Configuring an IP Address Assignment Method The security appliance can use one or more of the following methods for assigning IP addresses to remote access clients. If you configure more than one address assignment method, the security appliance searches each of the options until it finds an IP address. By default, all methods are enabled. To view the current configuration, enter the show running-config all vpn-addr-assign command. 
• aaa—Retrieves addresses from an external authentication server on a per-user basis. If you are using an authentication server that has IP addresses configured, we recommend using this method. • dhcp—Obtains IP addresses from a DHCP server. If you want to use DHCP, you must configure a DHCP server. You must also define the range of IP addresses that the DHCP server can use. • local—Use an internal address pool. Internally configured address pools are the easiest method of address pool assignment to configure. If you choose local, you must also use the ip-local-pool command to define the range of IP addresses to use. To specify a method for assigning IP addresses to remote access clients, enter the vpn-addr-assign command in global configuration mode. The syntax is vpn-addr-assign {aaa | dhcp | local}.
  • 2. 31-2 Cisco Security Appliance Command Line Configuration Guide OL-10088-02 Chapter 31 Configuring IP Addresses for VPNs Configuring an IP Address Assignment Method Configuring Local IP Address Pools To configure IP address pools to use for VPN remote access tunnels, enter the ip local pool command in global configuration mode. To delete address pools, enter the no form of this command. The security appliance uses address pools based on the tunnel group for the connection. If you configure more than one address pool for a tunnel group, the security appliance uses them in the order in which they are configured. If you assign addresses from a non-local subnet, we suggest that you add pools that fall on subnet boundaries to make adding routes for these networks easier. A summary of the configuration of local address pools follows: hostname(config)# vpn-addr-assign local hostname(config)# ip local pool firstpool 10.20.30.40-10.20.30.50 mask 255.255.255.0 hostname(config) Step 1 To configure IP address pools as the address assignment method, enter the vpn-addr-assign command with the local argument: hostname(config)# vpn-addr-assign local hostname(config)# Step 2 To configure an address pool, enter the ip local pool command. The syntax is ip local pool poolname first-address—last-address mask mask. The following example configures an IP address pool named firstpool. The starting address is 10.20.30.40 and the ending address is 10.20.30.50. The network mask is 255.255.255.0. hostname(config)# ip local pool firstpool 10.20.30.40-10.20.30.50 mask 255.255.255.0 hostname(config) Configuring AAA Addressing To use a AAA server to assign addresses for VPN remote access clients, you must first configure a AAA server or server group. See the aaa-server protocol command in the Cisco Security Appliance Command Reference and “Identifying AAA Server Groups and Servers,” in Chapter 13, “Configuring AAA Servers and the Local Database” of this guide. 
In addition, the user must match a tunnel group configured for RADIUS authentication.

The following examples illustrate how to define a AAA server group called RAD2 for the tunnel group named firstgroup. It includes one more step than is necessary, in that previously you might have named the tunnel group and defined the tunnel group type. This step appears in the following example as a reminder that you have no access to subsequent tunnel-group commands until you set these values.

An overview of the configuration that these examples create follows:

hostname(config)# vpn-addr-assign aaa
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# authentication-server-group RAD2

To configure AAA for IP addressing, perform the following steps:

Step 1 To configure AAA as the address assignment method, enter the vpn-addr-assign command with the aaa argument:

hostname(config)# vpn-addr-assign aaa
hostname(config)#

Step 2 To establish the tunnel group called firstgroup as a remote access or LAN-to-LAN tunnel group, enter the tunnel-group command with the type keyword. The following example configures a remote access tunnel group.

hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)#

Step 3 To enter general-attributes configuration mode, which lets you define a AAA server group for the tunnel group called firstgroup, enter the tunnel-group command with the general-attributes argument.

hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)#

Step 4 To specify the AAA server group to use for authentication, enter the authentication-server-group command.

hostname(config-general)# authentication-server-group RAD2
hostname(config-general)#

This command has more arguments than this example includes. For more information, see the Cisco Security Appliance Command Reference.

Configuring DHCP Addressing

To use DHCP to assign addresses for VPN clients, you must first configure a DHCP server and the range of IP addresses that the DHCP server can use. Then you define the DHCP server on a tunnel group basis. Optionally, you can also define a DHCP network scope in the group policy associated with the tunnel group or username. This is either an IP network number or IP address that identifies to the DHCP server which pool of IP addresses to use.

The following examples define the DHCP server at IP address 172.33.44.19 for the tunnel group named firstgroup. They also define a DHCP network scope of 192.86.0.0 for the group policy called remotegroup.
(The group policy called remotegroup is associated with the tunnel group called firstgroup). If you do not define a network scope, the DHCP server assigns IP addresses in the order of the address pools configured. It goes through the pools until it identifies an unassigned address.

The following configuration includes more steps than are necessary, in that previously you might have named and defined the tunnel group type as remote access, and named and identified the group policy as internal or external. These steps appear in the following examples as a reminder that you have no access to subsequent tunnel-group and group-policy commands until you set these values.

A summary of the configuration that these examples create follows:

hostname(config)# vpn-addr-assign dhcp
hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)# exit
hostname(config)# group-policy remotegroup internal
hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)# dhcp-network-scope 192.86.0.0

To define a DHCP server for IP addressing, perform the following steps.

Step 1 To configure DHCP as the address assignment method, enter the vpn-addr-assign command with the dhcp argument:

hostname(config)# vpn-addr-assign dhcp
hostname(config)#

Step 2 To establish the tunnel group called firstgroup as a remote access or LAN-to-LAN tunnel group, enter the tunnel-group command with the type keyword. The following example configures a remote access tunnel group.

hostname(config)# tunnel-group firstgroup type ipsec-ra
hostname(config)#

Step 3 To enter general-attributes configuration mode, which lets you configure a DHCP server, enter the tunnel-group command with the general-attributes argument.

hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)#

Step 4 To define the DHCP server, enter the dhcp-server command. The following example configures a DHCP server at IP address 172.33.44.19.

hostname(config-general)# dhcp-server 172.33.44.19
hostname(config-general)#

Step 5 Exit tunnel-group mode.

hostname(config-general)# exit
hostname(config)#

Step 6 To define the group policy called remotegroup as an internally or externally configured group, enter the group-policy command with the internal or external argument. The following example configures an internal group.

hostname(config)# group-policy remotegroup internal
hostname(config)#

Step 7 (Optional) To enter group-policy attributes configuration mode, which lets you configure a subnetwork of IP addresses for the DHCP server to use, enter the group-policy command with the attributes keyword.

hostname(config)# group-policy remotegroup attributes
hostname(config-group-policy)#

Step 8 (Optional) To specify the range of IP addresses the DHCP server should use to assign addresses to users of the group policy called remotegroup, enter the dhcp-network-scope command. The following example configures a network scope of 192.86.0.0.

hostname(config-group-policy)# dhcp-network-scope 192.86.0.0
hostname(config-group-policy)#
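
The prerequisites this chapter states for each method (an ip local pool for local, a dhcp-server in a tunnel group for dhcp, an authentication-server-group for aaa) can be checked against a saved configuration. The following Python script is an added example, not part of the Cisco guide; the sample configuration is constructed from the chapter's commands, and the function names and the check that a pool range fits its mask are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the chapter's commands, with dhcp enabled but no dhcp-server.
SAMPLE = """\
vpn-addr-assign local
vpn-addr-assign dhcp
ip local pool firstpool 10.20.30.40-10.20.30.50 mask 255.255.255.0
tunnel-group firstgroup type ipsec-ra
tunnel-group firstgroup general-attributes
 authentication-server-group RAD2
"""

POOL_RE = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+) mask ([\d.]+)$")

def parse_pools(config):
    """Return {poolname: (first, last, network)} for each 'ip local pool' line."""
    pools = {}
    for line in config.splitlines():
        m = POOL_RE.match(line.strip())
        if m:
            name, first, last, mask = m.groups()
            first, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
            # Subnet implied by the first address and the configured mask.
            net = ipaddress.ip_network(f"{first}/{mask}", strict=False)
            pools[name] = (first, last, net)
    return pools

def audit(config):
    """Return findings where an enabled method lacks what the chapter requires."""
    lines = [l.strip() for l in config.splitlines()]
    methods = {l.split()[1] for l in lines if l.startswith("vpn-addr-assign ")}
    pools = parse_pools(config)
    findings = []
    if "local" in methods and not pools:
        findings.append("local enabled but no 'ip local pool' defined")
    if "dhcp" in methods and not any(l.startswith("dhcp-server ") for l in lines):
        findings.append("dhcp enabled but no tunnel group has 'dhcp-server'")
    if "aaa" in methods and not any(
            l.startswith("authentication-server-group ") for l in lines):
        findings.append("aaa enabled but no 'authentication-server-group'")
    for name, (first, last, net) in pools.items():
        # Assumed sanity check: the whole range sits inside the masked subnet.
        if last < first or last not in net:
            findings.append(f"pool {name}: range does not fit {net}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Lines beginning with no (for example no vpn-addr-assign aaa) are not counted as enabled methods, so the script can be run on saved show running-config output.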