[nsp] Cisco VPN 3000 - basics questions

Mati Gil mgil at servicom2000.com
Wed Dec 31 06:57:30 EST 2003


Mourad,
to set up filters:
1- Create an IP In Rule:
Direction: Inbound
Protocol: Any (if all IP)
Source address: IP network or network list with SA of traffic coming in
Destination address: IP network or network list with DA of traffic coming in

2- Create an IP Out Rule:
Direction: Outbound
Protocol: Any (if all IP)
Source address: IP network or network list with SA of traffic going out
Destination address: IP network or network list with DA of traffic going out

3- Create a Filter:
Default action: drop

4- Assign rules to the filter:
Add In and Out rules you've just created

5- Apply the filter wherever you want (L2L, remote access group,
interface, ...)


To use Certificates:
VPN3000 is not a Certificate Authority, so it does not issue certificates.
You'll need a CA anyway. But you can manually install certificates on
VPN3000.
Look at
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800946f1.shtml for VPN3000
and at
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a008009468a.shtml for VPN Client.

I hope it helps,
Mati
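As an added illustration that is not part of the original post, the following Python model reproduces the filter structure Mati describes: an In rule and an Out rule keyed on direction, protocol and source/destination network lists, assigned to a filter whose default action is drop, then evaluated against constructed packets in both directions. The network list names, addresses and the action names "Forward"/"Drop" are assumptions for the example, not values from the thread.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    """One VPN 3000 style rule (constructed model, not the device's own API)."""
    name: str
    direction: str          # "Inbound" or "Outbound"
    protocol: str           # "Any" or an IP protocol name such as "TCP"
    src_list: list          # network list (CIDR strings) matched against the SA
    dst_list: list          # network list (CIDR strings) matched against the DA
    action: str = "Forward"  # assumed action name when the rule matches

    def matches(self, direction, protocol, src, dst):
        sa, da = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        return (
            direction == self.direction
            and self.protocol in ("Any", protocol)
            and any(sa in ipaddress.ip_network(n) for n in self.src_list)
            and any(da in ipaddress.ip_network(n) for n in self.dst_list)
        )


@dataclass
class Filter:
    """Step 3/4 of the post: a filter with default action drop and ordered rules."""
    name: str
    default_action: str = "Drop"
    rules: list = field(default_factory=list)

    def evaluate(self, direction, protocol, src, dst):
        # First matching rule wins, ACL style; anything unmatched hits the default.
        for rule in self.rules:
            if rule.matches(direction, protocol, src, dst):
                return rule.action, rule.name
        return self.default_action, "default"


# Constructed network lists with assumed names and addresses.
INSIDE = ["10.1.0.0/16"]
REMOTE = ["192.168.50.0/24"]


def build_filter():
    """Steps 1-4: one In rule, one Out rule, both assigned to a drop-by-default filter."""
    f = Filter("L2L-Filter")
    f.rules.append(Rule("Remote-to-Inside In", "Inbound", "Any", REMOTE, INSIDE))
    f.rules.append(Rule("Inside-to-Remote Out", "Outbound", "Any", INSIDE, REMOTE))
    return f


if __name__ == "__main__":
    f = build_filter()
    for pkt in [("Inbound", "TCP", "192.168.50.7", "10.1.2.3"),
                ("Outbound", "UDP", "10.1.2.3", "192.168.50.7"),
                ("Inbound", "TCP", "172.16.9.9", "10.1.2.3")]:
        print(pkt, "->", f.evaluate(*pkt))
```

The third packet comes from a network outside the In rule's source list, so it falls through to the filter's default action and is dropped, which is the behaviour the "default action: drop" step buys you.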

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of BERKANE Mourad
Sent: Wednesday, 31 December 2003 11:38
To: 'cisco-nsp at puck.nether.net'
Subject: [nsp] Cisco VPN 3000 - basics questions
Importance: High



I have 2 basic questions about Cisco VPN 3000 Series Concentrator.

Reading the user guide chapter about Policy Management/Traffic
Management/Filters, I see we could apply registered rules
(HTTPS, IKE, HTTPS, GRE, L2TP, OSPF ... in/out), but it seems not to allow manual
filters as we could set up with ACLs.
I want to apply IP src/dest filters. How to configure them, if possible?

Another question: can the Cisco VPN 3000 be an IKE certificate server if I
don't want to use an external one for the certificate IKE parameters?

Thanks!
Mourad
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/