Creating an IPSec Tunnel - Juniper JUNOSE 11.0.X IP SERVICES Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration

host1(config)#ipsec key manual pre-share 10.10.1.1
host1(config-manual-key)#masked-key AAAAGAAAAAcAAAACfd+SAsaVQ6Qeopt2rJOP6LDg+0hX5cMO

There is no no version. To delete a key, use the no version of the ipsec key manual command.
See masked-key.

Creating an IPSec Tunnel

To create an IPSec tunnel:

1. Enter virtual router mode. Specify the VR that contains the source and destination addresses assigned to the tunnel interface.
   host1(config)#virtual-router vrA
   host1:vrA(config)#
2. Create an IPSec tunnel, and specify the transport VR.
   host1:vrA(config)#interface tunnel ipsec:Aottawa2boston transport-virtual-router default
   host1:vrA(config-if)#
3. Specify the IP address of this tunnel interface.
   host1:vrA(config-if)#ip address 10.3.0.0 255.255.0.0
4. Specify the transform set that ISAKMP uses for SA negotiations.
   host1:vrA(config-if)#tunnel transform-set customerAprotection
5. Configure the local endpoint of the tunnel.
   host1:vrA(config-if)#tunnel local-identity subnet 10.1.0.0 255.255.0.0
6. Configure the peer endpoint of the tunnel.
   host1:vrA(config-if)#tunnel peer-identity subnet 10.3.0.0 255.255.0.0
7. Specify an existing interface address that the tunnel uses as its source address.
   host1:vrA(config-if)#tunnel source 5.1.0.1
8. Specify the address or identity of the tunnel destination endpoint.
   host1:vrA(config-if)#tunnel destination identity branch245.customer77.isp.net
   host1:vrA(config-if)#exit

NOTE: FQDNs are used when tunnel destination endpoints do not have a fixed address, as in cable and DSL environments.
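
The following Python check is an added example, not part of the Juniper manual: it parses the session from the procedure above and reports a missing tunnel setting, an identity subnet whose address and mask disagree, overlapping local and peer identity subnets, and a tunnel source that is not an IP address. Treating all five tunnel settings as required, and the names parse_tunnel, identity_subnet and audit, are assumptions of this example.

```python
import ipaddress
import re
# The session from the procedure above, reused as sample input.
SAMPLE = """\
host1(config)#virtual-router vrA
host1:vrA(config)#interface tunnel ipsec:Aottawa2boston transport-virtual-router default
host1:vrA(config-if)#ip address 10.3.0.0 255.255.0.0
host1:vrA(config-if)#tunnel transform-set customerAprotection
host1:vrA(config-if)#tunnel local-identity subnet 10.1.0.0 255.255.0.0
host1:vrA(config-if)#tunnel peer-identity subnet 10.3.0.0 255.255.0.0
host1:vrA(config-if)#tunnel source 5.1.0.1
host1:vrA(config-if)#tunnel destination identity branch245.customer77.isp.net
host1:vrA(config-if)#exit
"""
# Assumption of this example: every tunnel setting in the procedure is required.
REQUIRED = ("transform-set", "local-identity", "peer-identity", "source", "destination")

def parse_tunnel(text):
    """Return {keyword: [args]} for each 'tunnel <keyword> <args>' line."""
    settings = {}
    for line in text.splitlines():
        words = re.sub(r"^\S*\(config[^)]*\)#", "", line.strip()).split()  # drop prompt
        if len(words) >= 3 and words[0] == "tunnel":
            settings[words[1]] = words[2:]
    return settings

def identity_subnet(args, name, findings):
    """Parse ['subnet', address, mask]; record a finding if address and mask disagree."""
    if len(args) == 3 and args[0] == "subnet":
        try:
            return ipaddress.ip_network(f"{args[1]}/{args[2]}")  # strict: no host bits
        except ValueError as err:
            findings.append(f"{name}: {err}")
    return None  # other identity forms are not checked here

def audit(text):
    """List problems in a tunnel stanza; an empty list means every check passed."""
    s = parse_tunnel(text)
    findings = [f"missing: tunnel {k}" for k in REQUIRED if k not in s]
    local = identity_subnet(s.get("local-identity", []), "local-identity", findings)
    peer = identity_subnet(s.get("peer-identity", []), "peer-identity", findings)
    if local is not None and peer is not None and local.overlaps(peer):
        findings.append(f"local-identity {local} overlaps peer-identity {peer}")
    if "source" in s:
        try:
            ipaddress.ip_address(s["source"][0])
        except ValueError:
            findings.append(f"tunnel source {s['source'][0]} is not an IP address")
    return findings
```

Calling audit(SAMPLE) returns an empty list for the session as written in the procedure.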
Chapter 5: Configuring IPSec
Configuration Tasks


This manual is also suitable for:

Junose 11.0.x
