Table of Contents
Advertisement
Chapter 4
Configuring the SA-VAM2+
Figure 4-1
10.0.0.2
10.0.0.1
Router A Configuration
Specify the parameters to be used during an IKE negotiation:
crypto isakmp policy 15
encryption des
hash md5
authentication pre-share
group 2
lifetime 5000
crypto isakmp key 1234567890 address 10.2.2.3
crypto isakmp identity address
In the preceding example, the encryption DES of policy 15 would not appear in the written configuration
Note
because this is the default value for the encryption algorithm parameter.
A transform set defines how the traffic will be protected:
crypto ipsec transform-set auth1 ah-md5-hmac esp-des esp-md5-hmac
mode tunnel
A crypto map joins the transform set and specifies where the protected traffic is sent (the remote IPSec
peer):
crypto map toRemoteSite 10 ipsec-isakmp
set peer 10.2.2.3
set transform-set auth1
match address 101
The crypto map is applied to an interface:
interface Serial0
ip address 10.0.0.3
crypto map toRemoteSite
An IPSec access list defines which traffic to protect:
OL-5979-03
Basic IPSec Configuration
Only packets from 10.0.0.2 to 10.2.2.2 are
encrypted and authenticated across the network.
Clear text
10.0.0.3
Router A
All other packets are not encrypted
VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide
Encrypted text
10.2.2.3
Clear text
Basic IPSec Configuration Illustration
Clear text
10.2.2.2
Router B
10.2.2.1
4-23
Advertisement
Table of Contents
