168.3.0 Advertises the IP segment
on the tunnel interface
Edmonton(config-router)#network 10.10.30.0 Advertises the LAN IP
segment
Winnipeg(config)#ip route 0.0.0.0 0.0.0.0
128.107.55.10
Speci?¬?es default route to
next-hop WAN address
Edmonton(config)#ip route 0.0.0.0 0.0.0.0
192.31.7.2
Speci?¬?es default route to
next-hop WAN address
NOTE: After Steps 1
through 3, connectivity
and EIGRP neighbor
relationships should
be veri?¬?ed.
52 Con?¬?guring a Static IPsec Virtual Tunnel Interface
Step 3: Create IKE Policies and Peers
Winnipeg(config)#crypto isakmp policy 10 Creates a policy to de?¬?ne
the parameters used
during the IKE
negotiation.
NOTE: All ISAKMP
settings are not offered
on all crypto-capable
IOS images. Con?¬?gure
the settings supported
by your IOS image.
Winnipeg(config-isakmp)#authentication preshare
Speci?¬?es use of a shared
common key
Winnipeg(config-isakmp)#encryption aes 256 Speci?¬?es use of 256-bit
AES encryption
Winnipeg(config-isakmp)#hash sha Speci?¬?es use of the SHA
hashing algorithm
Winnipeg(config-isakmp)#group 5 Con?¬?gures the IKE policy
with the 1536-bit Dif?¬?e-
Hellman group (group 5)
Winnipeg(config-isakmp)#lifetime 3600 Speci?¬?es the lifetime of an
IKE SA
NOTE: The IKE SA
is bound to the VTI.
Pages:
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60