13.5.2 |
Step 1 – Enable IKE
Router(config)# crypto isakmp enable
|
13.5.4 |
Step 2 – Create IKE Policies with the crypto isakmp command
Router(config)# crypto isakmp policy priority
Router(config-isakmp)# authentication {rsa-sig | rsa-encr | pre-share}
Router(config-isakmp)# encryption {des | 3des}
Router(config-isakmp)# hash {sha | md5}
Router(config-isakmp)# group {1 | 2}
Router(config-isakmp)# lifetime seconds
|
13.5.7 |
Step 7 - Configure pre-shared keys
Router(config)# crypto isakmp key keystring address peer-address [mask]
|
13.6.2 |
Step 1 – Configure transform set suites
Router(config)# crypto ipsec transform-set transform-set-name transform1 [transform2 [transform3]]
Router(cfg-crypto-trans)# mode [tunnel | transport]
|
13.6.6 |
Step 3 – Create crypto ACLs using extended access-lists
Router(config)# access-list acl-index {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log]
|
13.6.10 |
Step 4 - Configure IPSec Crypto maps
Router(config)# crypto map map-name seq-num ipsec-isakmp [dynamic dynamic-map-name] [discover]
Router(config-crypto-map)# match address [access-list-id | name]
Router(config-crypto-map)# set peer {hostname | ip-address}
Router(config-crypto-map)# set transform-set transform-set-name [transform-set-name2...transform-set-name6]
Router(config-crypto-map)# set security-association lifetime {seconds seconds | kilobytes kilobytes}
|
13.6.12 |
Step 5 – Apply crypto maps to interfaces
Router(config-if)# crypto map map-name
|
13.7.1 |
Task 4 – Test and verify IPSec
Router# show crypto isakmp policy
Router# show crypto ipsec transform-set [tag transform-set-name]
Router# debug crypto ipsec
Router# debug crypto isakmp
|
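The steps above build objects that refer to each other by name or number: the crypto map points at an ACL, a peer, and transform sets, and only takes effect once applied to an interface. The following check is an added example, not part of the original course material. It audits a configuration for dangling references and for the weaker option in each IKE policy pair. The `audit` function, the sample configuration, and the weakness ratings are this example's own assumptions.

```python
import re

# Constructed sample config; names, key and addresses are made up.
SAMPLE = """\
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 1
crypto isakmp key EXAMPLE-KEY address 192.0.2.2
crypto ipsec transform-set TS1 esp-3des esp-sha-hmac
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
crypto map VPNMAP 10 ipsec-isakmp
 match address 120
 set peer 192.0.2.9
 set transform-set TS1 TS2
interface Serial0
 crypto map VPNMAP
"""

# Weaker choice in each pair the policy syntax offers (rating added here).
WEAK = {"encryption des": "56-bit key", "hash md5": "collision-prone hash",
        "group 1": "768-bit Diffie-Hellman group"}

def audit(config):
    """Return findings for weak IKE settings and dangling references."""
    acls = set(re.findall(r"^access-list (\S+) ", config, re.M))
    tsets = set(re.findall(r"^crypto ipsec transform-set (\S+)", config, re.M))
    keyed = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    applied = set(re.findall(r"^ crypto map (\S+)$", config, re.M))
    maps = set(re.findall(r"^crypto map (\S+) \d+ ipsec-isakmp", config, re.M))
    known = {"match address": ("access list", acls), "set peer": ("pre-shared key", keyed),
             "set transform-set": ("transform set", tsets)}
    findings = [f"crypto map {m} not applied to an interface" for m in sorted(maps - applied)]
    section = ""
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command opens a new section
            section = line
            continue
        sub, words = line.strip(), line.split()
        if section.startswith("crypto isakmp policy") and sub in WEAK:
            findings.append(f"{section}: {sub} ({WEAK[sub]})")
        elif section.startswith("crypto map") and " ".join(words[:2]) in known:
            kind, names = known[" ".join(words[:2])]  # peers match by exact address only
            findings += [f"{section}: no {kind} configured for {n}"
                         for n in words[2:] if n not in names]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports the three weak policy settings plus the undefined ACL 120, the peer with no key, and the undefined transform set TS2.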