Cisco SRP500 Configuration Manual

Small Business Managed Router Feature: Site to Site IPSec VPNs

Cisco Small Business Managed Router Feature Configuration Guide
SRP500 Site to Site IPSec VPNs

Summary of Contents for Cisco SRP500

  • Page 1 Cisco Small Business Managed Router Feature Configuration Guide SRP500 Site to Site IPSec VPNs...
  • Page 2 A single IKE policy may be used for all IPSec tunnels, or a separate one created for each, depending on your security requirements. Access the VPN > IKE Policy SRP500 page and click Add Entry to define a new policy.
  • Page 3: IPSec Policy Configuration

    This configuration is summarised as follows once the configuration is submitted. IPSec Policy Configuration An IPSec policy must be created for each site to site tunnel. Each SRP500 device may define up to five IPSec policies. All contents are Copyright © 1992-2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
  • Page 4 The following screenshots show the configuration required for the site two SRP500 to establish a VPN tunnel to the IOS device at site 3. Access the VPN > IPSec Policy SRP500 page and click Add Entry to define a new policy.
  • Page 5 The first section above (isakmp policy) follows the SRP500 IKE Policy configuration. The following ipsec transform-set and map sections follow the SRP500 IPSec policy configuration. Access list 110 specifies that all traffic from the local VLAN addressed for the SRP500 VLAN at site two should traverse the IPSec tunnel.
  • Page 6 ISAKMP (2026): received packet from 192.168.200.162 dport 500 sport 500 Global (R) MM_KEY_EXCH ISAKMP:(2026):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH ISAKMP:(2026):Old State = IKE_R_MM4 New State = IKE_R_MM5 ...
  • Page 7 (key eng. msg.) INBOUND local= 192.168.200.146, remote= 192.168.200.162, local_proxy= 192.168.9.0/255.255.255.0/0/0 (type=4), remote_proxy= 192.168.15.0/255.255.255.0/0/0 (type=4), protocol= ESP, transform= NONE (Tunnel), lifedur= 0s and 0kb, ...
  • Page 8 ISAKMP: set new node -528070160 to QM_IDLE ISAKMP:(2026): processing HASH payload. message ID = -528070160 ISAKMP:(2026): processing DELETE payload. message ID = -528070160 ...
  • Page 9 ISAKMP:(2026):Old State = IKE_DEST_SA New State = IKE_DEST_SA IPSEC(key_engine): got a queue event with 1 KMI message(s) ISAKMP:(2025):purging SA., sa=8391F804, delme=8391F804 ...