Super E-book library

31.7.1
Speci?¬?es the key required
for the tunnel endpoint
Edmonton(config)#crypto isakmp key 12345678
address 128.107.55.9
Speci?¬?es the key required
for the tunnel endpoint
NOTE: The peer
termination router must
have the same key and
IP address of its peer
termination router
(128.107.55.9).
Winnipeg(config)#access-list 101 permit gre
host 128.107.55.9 host 192.31.7.1
Allows GRE protocol
traf?¬?c between GRE
tunnel endpoints
Winnipeg(config)#crypto map VPN-1 10 ipsecisakmp
De?¬?nes the crypto map
VPN-1 to use IPsec with
ISAKMP
Winnipeg(config-crypto-map)#set peer
192.31.7.1
Speci?¬?es the IP address of
the IPsec peer
48 Con?¬?guring GRE Tunnels over IPsec
Step 4: Specify the IPsec VPN Transform Sets
Winnipeg(config-crypto-map)#set transform-set
TO-EDMONTON
Uses the transform set TOEDMONTON
for IKE
phase 2 policy
Winnipeg(config-crypto-map)#match address 101 De?¬?nes the IP addresses
for the IPsec tunnel
Winnipeg(config-crypto-map)#exit Exits crypto-map
con?¬?guration mode
Edmonton(config)#access-list 102 permit gre
host 192.31.7.1 host 128.107.55.9
Allows GRE protocol
traf?¬?c between GRE
tunnel endpoints
Edmonton(config-crypto-map)#set peer
128.107.55.9
Speci?¬?es the IP address of
the IPsec peer
Edmonton(config-crypto-map)#match address 102 De?¬?nes the IP addresses
for the IPsec tunnel
NOTE: The Edmonton
tunnel termination
router has the following
mirrored programming:
ACL permitting GRE
inbound from the
Winnipeg router, tunnel
peer, and interesting
traf?¬?c ACL.


Pages:
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56