31.7.1
    Specifies the IP address of the remote IPsec peer
HSRP1(config-crypto-map)#set transform-set TRANS-1
    Specifies use of the transform set TRANS-1 for IKE phase 2 policy
HSRP1(config-crypto-map)#match address PEEROUTSIDE
    Defines the IP addresses for the IPsec tunnel
HSRP1(config-crypto-map)#exit
    Exits to global configuration mode
Configuring High Availability VPNs 61
HSRP2 Configuration

Tunnel Traffic Filter
HSRP2(config)#ip access-list extended PEEROUTSIDE
    Creates named extended access list
HSRP2(config-ext-nacl)#permit ip 10.10.40.1 0.0.0.255 10.10.30.0 0.0.0.255
    Defines traffic for the IPsec tunnel
HSRP2(config-ext-nacl)#exit
    Exits to global configuration mode

Key Exchange Policy
HSRP2(config)#crypto isakmp policy 1
    Creates IKE policy
HSRP2(config-isakmp)#authentication pre-share
    Specifies the use of a preshared key for authentication
HSRP2(config-isakmp)#exit
    Exits to global configuration mode

Addressing, Authentication Credentials, and Transform Set
HSRP2(config)#crypto isakmp key 12345678 address 0.0.0.0 0.0.0.0 no-xauth
    Specifies the key required for the tunnel endpoint (no user authentication)
HSRP2(config)#crypto ipsec transform-set TRANS-1 ah-md5-hmac esp-3des
    Creates the transform set TRANS-1 for the IKE phase 2 policy
HSRP2(cfg-crypto-trans)#exit
    Exits to global configuration mode

IPsec Tunnel
HSRP2(config)#crypto map TO-OUTSIDE 10 ipsec-isakmp
    Defines the crypto map VPN-2 to use IPsec with ISAKMP
HSRP2(config-crypto-map)#set peer 192.
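
The HSRP2 commands above use a preshared key bound to address 0.0.0.0 0.0.0.0 and an MD5/3DES transform set, which a configuration review would normally flag. The following audit script is an added example, not part of the original guide; the weak-transform list, the 16-character key threshold and the rule names are assumptions of this example, and the sample input is constructed from the commands on this page.

```python
import re

# Constructed sample: the HSRP2 commands from this page, wrapped lines joined.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key 12345678 address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set TRANS-1 ah-md5-hmac esp-3des
crypto map TO-OUTSIDE 10 ipsec-isakmp
 set transform-set TRANS-1
 match address PEEROUTSIDE
"""

# Assumption: transform keywords this example treats as too weak for new tunnels.
WEAK_TRANSFORMS = {"ah-md5-hmac", "esp-md5-hmac", "esp-des", "esp-3des"}
MIN_PSK_LEN = 16  # assumption: local policy threshold, not a Cisco limit


def audit(config):
    """Return (line_number, rule, detail) findings for an IOS IPsec config."""
    findings, defined, used = [], set(), set()
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"crypto isakmp key (\S+) address (\S+)", line)
        if m:
            key, addr = m.groups()
            if addr == "0.0.0.0":  # key is offered to any peer address
                findings.append((num, "wildcard-psk", "key valid for any peer"))
            if len(key) < MIN_PSK_LEN or key.isdigit():
                findings.append((num, "weak-psk", f"{len(key)}-character key"))
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m:
            defined.add(m.group(1))
            findings.extend((num, "weak-transform", t)
                            for t in m.group(2).split() if t in WEAK_TRANSFORMS)
        m = re.match(r"set transform-set (\S+)", line)
        if m:
            used.add(m.group(1))
    # A crypto map that names a transform set never defined in this config
    findings.extend((0, "undefined-transform-set", n) for n in sorted(used - defined))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```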