Motorola WS5100 Series Migration Giude page 193
Hide thumbs
Also See for WS5100 Series:
- Cli reference manual (492 pages) ,
- Reference manual (444 pages) ,
- Troubleshooting manual (100 pages)
Table of Contents
Advertisement
e. Create and configure a crypto map.
WS5100(config)#crypto map THIRDMAP 435 isakmp
WS5100(config-crypto-map)#set peer 15.1.1.20
WS5100(config-crypto-map)#match address 150
WS5100(config-crypto-map)#set transformset TFSET
WS5100(config-crypto-map)#set security-association lifetime seconds 3600
f. Associate the crypto map with a VLAN interface.
WS5100(config)#interface vlan1
WS5100(config-if)#ip address 11.1.1.10/24
WS5100(config-if)#crypto map THIRDMAP
WS5100(config-if)#interface vlan2100
WS5100(config-if)#ip address 12.1.1.10/24
WS5100(config-if)#ip route 0.0.0.0/0 11.1.1.2
2. Configuration required on WS5100 Switch 2:
a. Create an extended ACL. This is used to define the tunnel used by the traffic.
WS5100(config)#access-list 155permit ip 13.1.1.0/24 12.1.1.0/24 rule-
precedence 1
b. Create and configure the ISAKMP parameters.
WS5100(config)#crypto isakmp keepalive 10
WS5100(config)#crypto isakmp key SYMBOLAD address 11.1.1.10
WS5100(config)#crypto ipsec security-association lifetime kilobytes
4608000
c. Create and configure ISAKMP policy.
WS5100(config)#crypto isakmp policy 100
WS5100(config-crypto-isakmp)#encryption aes
WS5100(config-crypto-isakmp)#hash sha
WS5100(config-crypto-isakmp)#authentication pre-share
WS5100(config-crypto-isakmp)#group 5
WS5100(config-crypto-isakmp)#lifetime 9496
d. Create and configure IPSec transform set.
WS5100(config)#crypto ipsec transform-set TFSET ah-sha-hmac esp-aes esp-
sha-hmac
WS5100(config-crypto-ipsec)#mode tunnel
e. Create and configure a crypto map.
WS5100(config)#crypto map THIRDMAP 435 isakmp
WS5100(config-crypto-map)#set peer 11.1.1.10
WS5100(config-crypto-map)#match address 150
11-35
VPN
Advertisement
Table of Contents
