Mode Configuration Process Is Initiated
After successfully authenticating with the Easy VPN Server, the VPN Client requests the
remaining configuration parameters from the Easy VPN Server such as the following:
■ IP address
■ Domain Name System (DNS) information
■ Split tunneling configuration
Step 6: IKE Quick Mode Completes the Connection
After the VPN Client receives the various configuration parameters from the Easy VPN
Server, IKE quick mode is initiated to negotiate the IPSec SA establishment.
Extended Authentication Configuration
XAUTH enables the Easy VPN Server to require username/password authentication in order
to establish the VPN connection. This authentication is performed by an AAA server. To
configure the Easy VPN Server to use XAUTH for remote VPN clients, you must set up the
Easy VPN Server and configure it to perform XAUTH. The complete configuration process
involves performing the following tasks:
■ Create an Internet Security Association and Key Management Protocol (ISAKMP) policy
for remote Cisco VPN Client access
■ Create an IP address pool
■ Define a group policy for mode configuration push
■ Create a transform set
■ Create a dynamic crypto map
■ Assign the dynamic crypto map to a static crypto map
■ Apply the static crypto map to an interface
■ Configure XAUTH
■ Configure NAT and NAT 0
■ Enable IKE DPD
NOTE VPN devices that handle remote Cisco VPN Clients should always be configured
to enforce user authentication.
NOTE The IP address is the only required parameter in the group profile. All other
parameters are optional.