Edmonton#debug crypto ipsec                         Displays IPsec
Edmonton#debug crypto isakmp                        Displays messages about IKE events
Edmonton#debug crypto isakmp error                  Displays error messages for IKE-related operations
Edmonton#debug crypto ipsec error                   Displays error messages for IPsec-related operations

Configuring IPsec Site-to-Site VPNs Using CLI

This section refers to Figure 4-1 and provides details about the configuration for the Winnipeg router.

The programming steps for configuring the Winnipeg router are as follows:

Step 1. Configure the ISAKMP policy (IKE phase 1).
Step 2. Configure the IPsec transform sets (IKE phase 2, tunnel termination).
Step 3. Configure the crypto ACL (interesting traffic, secure data transfer).
Step 4. Configure the crypto map (IKE phase 2).
Step 5. Apply the crypto map to the interface (IKE phase 2).
Step 6. Configure the firewall interface ACL.
Step 7. Verify the VPN service.

Step 1: Configure the ISAKMP Policy (IKE Phase 1)
Winnipeg(config)#crypto isakmp policy 1             Creates an IKE policy
Winnipeg(config-isakmp)#encryption 3des             Defines 3DES encryption
Winnipeg(config-isakmp)#hash sha                    Chooses sha as the hashing algorithm
Winnipeg(config-isakmp)#authentication pre-share    Specifies authentication with a preshared key
Winnipeg(config-isakmp)#group 2                     Specifies Diffie-Hellman group 2 key exchange algorithm
Winnipeg(config-isakmp)#lifetime 86400              Specifies the lifetime of the IKE SA
Winnipeg(config-isakmp)#exit                        Exits isakmp configuration mode
Winnipeg(config)#crypto isakmp key 12345678 address 192.

Step 2: Configure the IPsec Transform Sets (IKE Phase 2, Tunnel Termination)

Step 3: Configure the Crypto ACL (Interesting Traffic, Secure Data Transfer)
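An added example, not from the original page or the book: a small Python check that flags the weak IKE phase 1 choices in the Step 1 commands above (3DES, SHA-1, Diffie-Hellman group 2, and an eight-digit preshared key). The weak-setting table, `MIN_PSK_LEN`, `audit_isakmp` and the peer address in the sample are assumptions of this example.

```python
import re

# Settings this example treats as weak (an assumption of the example).
WEAK = {
    "encryption": {"des": "DES", "3des": "3DES"},
    "hash": {"md5": "MD5", "sha": "SHA-1"},
    "group": {"1": "768-bit MODP", "2": "1024-bit MODP", "5": "1536-bit MODP"},
}
MIN_PSK_LEN = 20  # hypothetical threshold; set it from local policy

# Constructed sample: the Step 1 commands as typed, prompts removed.
# 203.0.113.10 is a documentation placeholder, not the page's truncated peer.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encryption 3des
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key 12345678 address 203.0.113.10
"""

def audit_isakmp(config):
    """Return (scope, finding) tuples for weak IKE phase 1 settings."""
    findings, policy = [], None
    for raw in config.splitlines():
        line = raw.strip()
        new_policy = re.match(r"crypto isakmp policy (\d+)$", line)
        psk = re.match(r"crypto isakmp key (\S+) address (\S+)", line)
        if new_policy:
            policy = new_policy.group(1)
        elif psk:
            policy = None
            key, peer = psk.groups()
            # Report the weakness without echoing the key itself.
            if len(key) < MIN_PSK_LEN or key.isdigit():
                findings.append((f"key for {peer}", "short or digits-only pre-shared key"))
        elif not raw[:1].isspace():
            policy = None  # any other top-level command ends the policy block
        elif policy is not None:
            parts = line.split()
            if len(parts) == 2 and parts[1] in WEAK.get(parts[0], {}):
                findings.append((f"policy {policy}", f"{parts[0]} {parts[1]}: {WEAK[parts[0]][parts[1]]}"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_isakmp(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Only two-word subcommands are matched against the table, so a policy using `encryption aes 256`, `hash sha256` and `group 14` produces no findings.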