IPSEC

IPSEC encryption related links: gre

Sample Cisco Config

!!# Phase One - isakmp #!!

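crypto isakmp policy 10 
   ! no encryption or group line here, so the IOS defaults for both apply
   hash sha 
   authentication pre-share 
! the pre-shared key is a global command, not part of the policy
crypto isakmp key vpnkey address 10.0.0.2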

!!# Phase Two - ipsec #!!

! crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set vpnset esp-aes esp-sha-hmac 
   exit 
crypto map vpnset 10 ipsec-isakmp 
   set peer 10.0.0.2 
   set transform-set vpnset
   ! set pfs group2
   match address 100

!!# Apply to outside int #!!

int ??
    !ip address 10.0.0.1
    crypto map vpnset
access-list 100 permit ip 10.10.10.0 0.0.0.255 10.20.0.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 192.168.16.1

Verify IPSec VPN connections

show crypto ipsec sa 
show crypto isakmp sa 

debug crypto isakmp 
debug crypto ipsec 

Example VTI

!
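crypto isakmp policy 1
    ! 3des and DH group 2 are legacy choices that Cisco no longer recommends
    encr 3des
    authentication pre-share
    group 2
! global commands; address 0.0.0.0 0.0.0.0 makes this a wildcard key valid for any peer
crypto isakmp key ******** address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10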
!
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
!
crypto ipsec profile VTI
    set transform-set TSET
!
interface Tunnel0
    ip address 192.168.10.2 255.255.255.0
    tunnel source 10.0.149.220
    tunnel destination 10.0.149.221
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile VTI
!
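
An added example, not part of the original page: a small Python audit that reads IOS-style config text and flags the legacy or implicit IKEv1/IPsec settings that appear in the two samples above. The function name, the constant names and the finding texts are this example's own; the weak lists follow Cisco's guidance that DES, 3DES, MD5 and DH groups 1, 2 and 5 are no longer recommended.

```python
# Constructed input: ISAKMP and transform-set lines of the page's VTI example
# (pre-shared key masked as on the page).
SAMPLE = """\
crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
crypto isakmp key ******** address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TSET esp-3des esp-sha-hmac
"""

POLICY_SUB = {"encr", "encryption", "hash", "authentication", "group", "lifetime"}
WEAK_CIPHERS, WEAK_GROUPS = {"des", "3des"}, {"1", "2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}

def audit(config):
    """Return (line_no, finding) tuples for legacy or implicit IPsec settings."""
    findings, policy = [], None  # policy = [first_line, saw_encr, saw_group]
    def close_policy():
        # An ISAKMP policy without encr/group silently takes the platform default.
        for seen, what in zip((policy or [])[1:], ("encr", "group")):
            if not seen:
                findings.append((policy[0], f"no {what} line: platform default applies"))
    for no, raw in enumerate(config.splitlines(), 1):
        w = raw.split()
        if not w or w[0].startswith("!"):
            continue  # blank line or IOS comment
        arg = w[1] if len(w) > 1 else ""
        if w[0] not in POLICY_SUB:  # any other command leaves policy sub-mode
            close_policy()
            policy = [no, False, False] if w[:3] == ["crypto", "isakmp", "policy"] else None
        elif policy and w[0] in ("encr", "encryption"):
            policy[1] = True
            if arg in WEAK_CIPHERS:
                findings.append((no, f"legacy IKE cipher {arg}"))
        elif policy and w[0] == "group":
            policy[2] = True
            if arg in WEAK_GROUPS:
                findings.append((no, f"legacy DH group {arg}"))
        if w[:3] == ["crypto", "isakmp", "key"] and w[-2:] == ["0.0.0.0", "0.0.0.0"]:
            findings.append((no, "wildcard pre-shared key: any peer address may use it"))
        if w[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [(no, f"legacy transform {t}") for t in sorted(WEAK_TRANSFORMS & set(w[4:]))]
    close_policy()
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

The audit covers only IKEv1 `crypto isakmp` policies and transform sets as written on this page; it does not parse IKEv2 proposals or crypto map entries.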

...



IpSec (last edited 2017-11-08 19:17:26 by PieterSmit)