31.7.1
Speci?¬?es the IP address of
the VPN peer
Winnipeg(config-crypto-map)#set transform-set
TRANSFORM-0
Uses the transform set
TRANSFORM-0 for IKE
phase 2 policy
Winnipeg(config-crypto-map)#match address 100 De?¬?nes the IP addresses
for the IPsec tunnel
Winnipeg(config-crypto-map)#exit Exits crypto-map
con?¬?guration mode
Edmonton(config)#access-list 101 permit ip
10.10.30.0 0.0.0.255 192.168.30.1 0.0.0.255
De?¬?nes the source and
destination IP addresses
of the VPN traf?¬?c
Edmonton(config-crypto-map)#match address 101 De?¬?nes the IP addresses
for the IPsec tunnel
Edmonton(config-crypto-map)#set peer
128.107.55.9
Speci?¬?es the IP address of
the IPsec peer
Edmonton(config)#access-list 120 permit ahp
host 128.107.55.9 host 192.31.7.1
Permits VPN protocol:
Authentication Header
(AH)
Edmonton(config)#access-list 120 permit esp
host 128.107.55.9 host 192.31.7.1
Permits VPN protocol:
Encapsulating Security
Payload (ESP)
Edmonton(config)#access-list 120 permit udp
host 128.107.55.9 host 192.31.7.1 eq isakmp
Permits VPN protocol:
ISAKMP
42 Con?¬?guring IPsec Site-to-Site VPNs Using CLI
Step 5: Apply the Crypto Map to the Interface (IKE Phase 2)
Step 6: Con?¬?gure the Firewall Interface ACL
Step 7: Verify the VPN Service
Winnipeg(config)#interface fastethernet 0/0 Enters interface
con?¬?guration mode
Winnipeg(config-if)#crypto map CRYPTO-MAP-0 Applies the crypto map at
the terminating interface
Winnipeg(config-if)#exit Exits interface
con?¬?guration mode
Winnipeg(config)#access-list 120 permit ahp
host 192.
Pages:
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50