Configuring IPsec Site-to-Site VPN Using SDM参考.ppt

IPsec VPNs Configuring IPsec Site-to-Site VPN Using SDM Cisco Router and SDM SDM is an embedded web-based management tool.SDM是一个嵌入的基于WEB管理的工具. Provides intelligent wizards to enable quicker and easier deployments, and does not require knowledge of Cisco IOS CLI or security expertise.提供了智能的向导实现快速的简便的部署，其不需要Cisco IOS命令行基础知识或安全技术。 Contains tools for more advanced users: ACL editor VPN crypto map editor Cisco IOS CLI preview What Is Cisco SDM? Cisco SDM Features Smart wizards for these frequent router and security configuration issues: Avoid misconfigurations with integrated routing and security Secure the existing network infrastructure easily and cost-effectively Uses Cisco TAC- and ICSA-recommended security configurations Startup wizard, one-step router lockdown, policy-based firewall and ACL management (firewall policy), one-step VPN (site-to-site), and inline IPS Guides untrained users through workflow Introducing the SDM VPN Wizard Interface Site-to-Site VPN Components VPN wizards use two sources to create a VPN connection: User input during the step-by-step wizard process Preconfigured VPN components SDM provides some default VPN components: Two IKE policies IPsec transform set for Quick Setup wizard Other components are created by the VPN wizards. Some components (e.g., PKI) must be configured before the wizards can be used. Site-to-Site VPN Components (Cont.) Two main components: IPsec IKE Two optional components: Group Policies for Easy VPN server functionality Public Key Infrastructure for IKE authentication using digital certificates Launching the Site-to-Site VPN Wizard Launching the Site-to-SiteVPN Wizard (Cont.) Quick Setup Quick Setup (Cont.) Step-by-Step Setup Multiple steps are used to configure the VPN connection: Defining connection settings: Outside interface, peer address, authentication credentials Defining IKE proposals: Priority, encryption algorithm, HMAC, authentication type, Diffie-Hellman group, lifetime Defining IPsec transform sets: Enc