Cisco CCNP ISCW Exam Tutorial:
Configuring Easy VPN Server Via Security Device Manager (SDM)
By Chris Bryant, CCIE #12933
In a previous CCNP ISCW exam tutorial, we took an introductory look at Easy VPN Server and Client. Today, we'll use Cisco's Security Device Manager (SDM) to configure the Easy VPN Server.
We'll start our Easy VPN server config by clicking the VPN button in the Configure section of SDM.

You'll see a list of topics under "VPN", and we'll select Easy VPN Server.

The description screen shows the following. Note the prerequisite task - AAA must be enabled before Easy VPN Server can be installed.
There's a link to enable AAA on that screen, so I'll click that. Note that the Launch Easy VPN Server Wizard button is grayed out since AAA is not yet enabled.
After clicking the enable AAA link, we're presented with this message:
We do want to enable AAA, so we'll click Yes and move on.

Once the AAA commands are delivered, we can launch the Easy VPN Server Wizard.

Here's what this wizard will do for us:

Here's the next window:
The interface facing the Easy VPN Client is Fast 0/0, so I'll choose that in the drop-down box. We'll use pre-shared keys as well, but you see that we can use keys, digital certificates, or both.
After making those selections, the next window asks us for the IKE proposal. We could create custom policies by clicking Add, but here we'll use the default.

The Transform Set selection window is next, and we'll accept the default there as well.

The next window prompts us for the group authorization method, and we'll use local authentication only. Note the three options.

Actually, if you don't have a RADIUS or TACACS server in your network, the local database is the only option you have!
In the next window, we'll indicate local authentication for users.

In the next window, since we haven't defined a group yet, I'll click Add.
The Add Group Policy window opens to the following tab, and you can see the information I entered. Note the pre-shared key appears as a series of asterisks.

We'll enable Split Tunneling, which is disabled by default.

When I clicked that check box, the "Enter the protected subnets" selection window was enabled. I'll click Add and enter the 10.0.0.0 network with a wildcard mask of 0.255.255.255.


The policy has been added.

At the bottom of this screen, note that you can specify an idle timer for the tunnel.

Finally, we're presented with the Summary window.
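For reference, here is roughly what the wizard choices above look like as IOS CLI. This is an added example, not the output SDM delivered in this lab. The list, map and pool names, the address pool range, and the bracketed group, user and key values are placeholders, and the IKE and transform set values are assumed, since the tutorial accepts the defaults without listing them.

```ios
! Added example. Names and bracketed values are placeholders, not from the tutorial.
! AAA is the prerequisite; local database for both group and user lookups
aaa new-model
aaa authentication login EZVPN_XAUTH local
aaa authorization network EZVPN_GROUP local
!
username <VPN-USER> secret <USER-PASSWORD>
!
! IKE proposal (assumed values; the tutorial accepts the SDM default)
crypto isakmp policy 1
 encryption 3des
 hash sha
 authentication pre-share
 group 2
!
! Address pool handed to clients (assumed; not shown in the tutorial)
ip local pool EZVPN_POOL 192.168.50.1 192.168.50.50
!
! Split tunneling: only traffic to the protected subnet enters the tunnel
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
!
! Group policy with its pre-shared key, pool and split-tunnel ACL
crypto isakmp client configuration group <GROUP-NAME>
 key <PRE-SHARED-KEY>
 pool EZVPN_POOL
 acl 100
!
! Transform set (assumed values; the tutorial accepts the default)
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map EZVPN_DYN 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
! Tie user authentication and group authorization to the crypto map
crypto map EZVPN_MAP client authentication list EZVPN_XAUTH
crypto map EZVPN_MAP isakmp authorization list EZVPN_GROUP
crypto map EZVPN_MAP client configuration address respond
crypto map EZVPN_MAP 65535 ipsec-isakmp dynamic EZVPN_DYN
!
! Interface facing the Easy VPN Client
interface FastEthernet0/0
 crypto map EZVPN_MAP
```

With split tunneling enabled, only traffic matching the ACL is encrypted; everything else leaves the client directly, outside any filtering done at the head end. Keep the protected-subnet ACL as narrow as the remote users actually need.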

That's about it for the Easy VPN Server side, but we need to configure the Easy VPN Client! We'll tackle that task in a future CCNP ISCW exam tutorial.
In the meantime, my ISCW Study Package and The Ultimate CCNP Study Package Bundle, which covers all four CCNP exams, are ready to help you be totally prepared for CCNP exam success!
To your success,
Chris Bryant
CCIE #12933
chris@thebryantadvantage.com