Using SDM to Configure the Easy VPN Server
You can use SDM to create and configure an Easy VPN Server. Before
beginning, decide on the IKE authentication method, the user authentication
method, and the IP addressing scheme you will use. In addition, set up AAA
servers or certification authority information, any needed DNS resolution for
the Easy VPN servers, and Network Time Protocol if needed for key
exchange. The tasks to create an Easy VPN server include the following:
■ Create a privileged user.
■ Configure an enable secret password.
■ Enable the router to use the AAA server’s database.
■ Use the SDM’s Easy VPN Wizard to configure the following:
■ The tunnel interface
■ IKE policies
■ RADIUS or TACACS+ policy lookup
■ User authentication
■ Local group policies
■ IPsec transform set
SDM enables you to test the configuration. In addition to crypto show
commands mentioned earlier in this chapter, the following Cisco IOS
commands help in verifying and troubleshooting your configuration:
¦ debug crypto isakmp—Shows IKE messages
¦ debug aaa authentication—Shows user authentication messages
¦ debug aaa authorization—Shows messages relating to group policy
configuration
¦ debug radius—Shows RADIUS messages