Table of Contents
Advertisement
Command Reference Guide
Global Configuration Mode Command Set
Step 8:
Create crypto map. A crypto map is used to define a set of encryption schemes to be used for a given
interface. A crypto map entry has a unique index within the crypto map set. The crypto map entry will
specify whether IKE is used to generate encryption keys or if manually specified keys will be used. The
crypto map entry will also specify who will be terminating the VPN tunnel, as well as which transform set or
sets will be used to encrypt and/or authenticate the traffic on that VPN tunnel. It also specifies the lifetime
of all created IPSec security associations.
(config)#crypto map corporate_vpn 1 ipsec-ike
(config-crypto-map)#match address corporate_traffic
(config-crypto-map)#set peer 63.105.15.129
(config-crypto-map)#set transform-set highly_secure
(config-crypto-map)#set security-association lifetime kilobytes 8000
(config-crypto-map)#set security-association lifetime seconds 28800
(config-crypto-map)#no set pfs
Step 9:
Configure a public interface. This process includes configuring the IP address for the interface and
applying the appropriate crypto map to the interface. Crypto maps are applied to the interface on which
encrypted traffic will be transmitted.
(config)#interface ppp 1
(config-ppp 1)#ip address 63.97.45.57 255.255.255.248
(config-ppp 1)#crypto map corporate_vpn
(config-ppp 1)#no shutdown
Step 10:
Configure a private interface. This process allows all traffic destined for the VPN tunnel to be routed to the
appropriate gateway.
(config)#interface ethernet 0/1
(config-eth 0/1)#ip address 10.10.10.254 255.255.255.0
(config-eth 0/1)#no shutdown
(config-eth 0/1)#exit
61200990L1-35E
Copyright © 2005 ADTRAN
325
- Quick Links:
- Basic Mode Command Set
- Common Commands
Hide quick links:
Advertisement
Table of Contents
