
Configuring the Access VPN to Work with Remote AAA
Introduction
In this third task, the ISP and the enterprise customer:
• Reconfigure the NAS and home gateway to work as an access VPN using remote AAA. To ensure that the access VPN is using remote AAA, the ISP and enterprise customer modify the AAA and VPN configurations on the NAS and home gateway.
• Configure CiscoSecure ACS on the UNIX and NT servers. The NAS uses CiscoSecure UNIX to authenticate the user's domain name and to determine the IP tunnel endpoint information. The home gateway uses CiscoSecure NT to authenticate the user's username and password. The NAS and home gateway continue to use their local username databases to authenticate the tunnel.
• Verify that the access VPN works properly.
• Troubleshoot the access VPN if there are problems.
The ISP configures the NAS and CiscoSecure UNIX. The enterprise customer configures the home gateway and CiscoSecure NT. Figure 17 shows the access VPN network topology.
Figure 17 Access VPN Topology Using Remote AAA
[Figure: clients using modems connect over POTS lines to the PSTN and, via 4 T1 PRI lines, to the Cisco AS5300 network access server in the ISP's network, where the CiscoSecure ACS UNIX server sits on Ethernet. An L2F tunnel crosses serial lines and a Frame Relay data network to the Cisco 7206 home gateway in the enterprise customer's network, where the CiscoSecure ACS NT server and a Cisco 4500-M edge router sit on Ethernet. Callouts 1 to 6 appear on the figure.]
Configuring the Access VPN to Work with Remote AAA 61
Once the ISP and enterprise customer have completed this task, the network will function as follows:
• When the user Jeremy wants to connect to the enterprise customer's network, he dials in to the NAS by using the username jeremy@hgw.com.
• The NAS and the client perform LCP negotiation.
• The CiscoSecure UNIX server authenticates the domain name, hgw.com, and supplies the NAS with the tunnel endpoint information.
• The NAS negotiates an L2F tunnel with the home gateway. The NAS and home gateway authenticate the tunnel by using their local username databases, which contain the tunnel secret. Once the tunnel is established, the NAS forwards the call to the home gateway.
• The CiscoSecure NT server authenticates the username, jeremy, and assigns the client an IP address. (It can optionally assign IP addresses for DNS and WINS servers.)
• The client and the home gateway can now exchange PPP packets. The NAS now acts as a transparent PPP frame forwarder.
Configuring the Access VPN
To configure the access VPN solution to work with remote AAA, follow these steps:
• Step 1 Configuring the NAS
• Step 2 Configuring the Home Gateway
• Step 3 Configuring the CiscoSecure ACS UNIX Server
• Step 4 Configuring the CiscoSecure ACS NT Server
Step 1 Configuring the NAS
In this step, the ISP:
• Moves the responsibilities for domain name authentication and tunnel endpoint determination from the NAS to the remote CiscoSecure UNIX server
• Points the NAS to the CiscoSecure UNIX server
• Removes unnecessary commands
Use this command / To do this

ISP_NAS(config)# aaa authentication ppp default local radius
    Instruct AAA to first use the local database and then use the RADIUS server (CiscoSecure NT) for PPP and VPN authentication. The order of authentication methods is local first and RADIUS second because the tunnel is authenticated locally and the user's domain name is authenticated by the CiscoSecure UNIX server.

ISP_NAS(config)# aaa authorization network default radius
    Instruct AAA to use the CiscoSecure UNIX server to authorize network-related service requests.

ISP_NAS(config)# radius-server host 172.22.66.18
    Enter the CiscoSecure UNIX server's IP address.
62 Access VPN Solutions Using Tunneling Technology
ISP_NAS(config)# radius-server key cisco
    Define a key to decrypt the data that runs between the NAS and the CiscoSecure UNIX server.
    Note: This key must be configured as "cisco". Cisco's RADIUS has a hard-coded password of "cisco"; this is separate from the NAS and home gateway passwords used to authenticate each other.

ISP_NAS(config)# no vpdn-group 1
    Remove the VPN1 group. All of the tunneling information will now be retrieved using RADIUS at the CiscoSecure UNIX server.
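As an added verification aid (not part of the original Cisco document), the following Python parses a NAS running-config fragment and reports which of the Step 1 requirements above are met; both configuration samples are constructed for illustration, and the function names are my own.

```python
import re

# Constructed sample: NAS running-config after the Step 1 changes (not from the document).
NAS_CONFIG_AFTER = """\
hostname ISP_NAS
aaa new-model
aaa authentication ppp default local radius
aaa authorization network default radius
radius-server host 172.22.66.18
radius-server key cisco
"""

# Constructed sample: NAS still using local-only PPP authentication and a local VPDN group.
NAS_CONFIG_BEFORE = """\
hostname ISP_NAS
aaa new-model
aaa authentication ppp default local
vpdn enable
vpdn-group 1
 ! local tunnel endpoint definition (placeholder)
"""


def check_remote_aaa(config: str) -> dict:
    """Evaluate each Step 1 requirement against an IOS config; True means satisfied."""
    lines = [line.strip() for line in config.splitlines()]

    def has(pattern: str) -> bool:
        return any(re.fullmatch(pattern, line) for line in lines)

    # Method list after "aaa authentication ppp default": the order matters, because the
    # tunnel is authenticated locally and the domain name by the RADIUS server.
    authn = next((l for l in lines if l.startswith("aaa authentication ppp default")), "")
    methods = authn.split()[4:]
    key = next((l.split(None, 2)[2] for l in lines if l.startswith("radius-server key ")), None)
    return {
        "ppp_auth_local_then_radius": methods == ["local", "radius"],
        "network_authz_radius": has(r"aaa authorization network default radius"),
        "radius_host_defined": has(r"radius-server host \S+"),
        "radius_key_defined": key is not None,
        # The document's Note requires the shared secret "cisco"; that is a well-known
        # value, so confirm the server side really mandates it before relying on it.
        "radius_key_is_cisco": key == "cisco",
        "vpdn_group_removed": not any(l.startswith("vpdn-group ") for l in lines),
    }


def missing_requirements(config: str) -> list:
    """Names of Step 1 requirements the config does not yet satisfy."""
    return [name for name, ok in check_remote_aaa(config).items() if not ok]
```

Run `missing_requirements()` on the output of `show running-config` to see what is still left of Step 1.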