10.20.3 Assigns 10.10.20.3 as the
HSRP group 2 virtual
router IP
HSRP2(config-if)#standby 2 preempt Enables the active device
to release control after an
interface tracking event
HSRP2(config-if)#standby 2 name HSRP-IN Names the HSRP group
HSRP2(config-if)#standby delay reload 120 Con?¬?gures a delay before
initializing HSRP groups
HSRP2(config-if)#standby 2 track fastethernet
0/0
Monitors the interface
status to enable failover to
an HSRP peer
HSRP1(config)#ip access-list extended PEEROUTSIDE
Creates a named extended
access list
HSRP1(config-ext-nacl)#permit ip 10.10.40.1
0.0.0.255 10.10.30.0 0.0.0.255
De?¬?nes traf?¬?c for the
IPsec tunnel
HSRP1(config-ext-nacl)#exit Exits to global
con?¬?guration mode
60 Con?¬?guring High Availability VPNs
Key Exchange Policy
Addressing, Authentication Credentials, and Transform Set
IPsec Tunnel
HSRP1(config)#crypto isakmp policy 1 Creates IKE policy
HSRP1(config-isakmp)#authentication pre-share Speci?¬?es use of a
preshared key for
authentication
HSRP1(config-isakmp)#exit Exits to global
con?¬?guration mode
HSRP1(config)#crypto isakmp key 12345678
address 0.0.0.0 0.0.0.0 no-xauth
Speci?¬?es the key required
for the tunnel endpoint (no
user authentication)
HSRP1(config)#crypto ipsec transform-set
TRANS-1 ah-md5-hmac esp-3des
Creates the transform set
TRANS-1 for the IKE
phase 2 policy
HSRP1(cfg-crypto-trans)#exit Exits to global
con?¬?guration mode
HSRP1(config)#crypto map TO-OUTSIDE 10 ipsecisakmp
De?¬?nes the crypto map
TO-OUTSIDE to use
IPsec with ISAKMP
HSRP1(config-crypto-map)#set peer 192.
Pages:
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67