Set up an ezVPN server on the FAST Router

There may be no specific mode for the description of the problem related to the FAST router settings, so the following questions and replies from netizens may not help you, but it will help you in the future.

Set up an ezVPN server on the FAST Router

1. FAST router settings: Enable AAA
◆ Enable AAA for aaanew-model
◆ Aaaauthenticationloginvpnauthlocal create an authentication group called vpnauth and use the local vro user name and password for logon authentication.
◆ Aaaauthorizationnetworkvpnauthorlocal create an authorization group called vpnauthor to assign addresses to vpn users.
◆ Usernameciscopasswordcisco creates a local user. The cisco password is used as the vpn user.

2. FAST router settings:. Configure phase1
◆ Cryptoisakmppolicy10
◆ Encraes encryption using AES
◆ Authenticationpre-share use the pre-shared key
◆ Group2 use DHgroup2

3. FAST router configuration: Configure "phase1.5" (xauth)
◆ Cryptoisakmpxauthtimeout10: Set the xauth authentication timeout time to 10 seconds.
◆ Cryptoisakmpclientconfigurationgroupvpngroup: creates an ezvpn group named vpngroup.
◆ The keygroupkey group password is groupkey
◆ Poollocalpool: The address pool allocated ip addresses for the reorganization is localpool
◆ Splittunnelacl of acllo for this group
◆ Cryptoisakmpprofileisapro creates an isakmpprofile. The advantage of using profile is that different authentication and authorization policies can be applied to different groups.
◆ Matchidentitygroupvpngroup the corresponding profile group is vpngroup
◆ Clientauthenticationlistvpnauth use vpnauth for client authentication
◆ Isakmpauthorizationlistvpnauthor authorizes the client to use vpnauth for Address Allocation)
◆ Clientconfigurationaddressrespond responds to the address request initiated by the client. The new version of ciscovpnclient usually uses the respond method.
◆ Keepalive10retry3 is kept for 10 seconds, and authentication can be retried up to 3 times
◆ Iplocalpoollocalpool9.9.9.19.9.10 create a local address pool

4. FAST router configuration: Configure phase2
◆ Cryptoipsectransform-settsesp-aesesp-sha-hmac build conversion set use aes encryption and shahash Verification
◆ Cryptodynamic-mapdmap10 to establish dynamic map
◆ Settransform-setts call the conversion set ts
◆ Setisakmp-profileisapro call isakmp-profile
◆ Reverse-route inject the static host route of the client to the vro after the client is dialed in
◆ The cryptomapcmap1000ipsec-isakmpdynamicdmap creates a static map and calls the newly established dynamic mapdmap
◆ Call cryptomapcmap on the interface that the vpn dial-in request may enter

5. FAST router settings: Use a VPN Client to connect
◆ The group name uses vpngroup and the group password uses groupkey. The user name uses cisco, and the password uses cisco.