Post on 27-Mar-2015
© 2006 Cisco Systems, Inc. All rights reserved.
Network Security 2
Module 4: Configuring Site to Site VPN with Pre-shared keys
© 2006 Cisco Systems, Inc. All rights reserved.
Lesson 4.3 Configure a Router with IPSec Using Pre-shared Keys
Module 4: Configuring Site to Site VPN with Pre-shared keys
© 2006 Cisco Systems, Inc. All rights reserved.
Configuring IPsec Step 1: Configure transform sets.
Step 2: Configure global IPsec SA lifetimes.
Step 3: Configure crypto ACLs
Step 4: Configure crypto maps
Step 5: Apply the crypto maps to the terminating / originating interface
© 2006 Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.
Step 2 – Create IKE policies
© 2006 Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.
Step 3: Purpose of Crypto ACLs
The peer that initiates the negotiation sends all its policies to the remote peer, and the remote peer tries to find a match with its policies
© 2006 Cisco Systems, Inc. All rights reserved.
ISAKMP Identity
© 2006 Cisco Systems, Inc. All rights reserved.
Step 3 – Configure pre-shared keys
© 2006 Cisco Systems, Inc. All rights reserved.
Step 4 – Purpose of Crypto Maps
© 2006 Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.
Step 5: Applying Crypto Maps to Interfaces
© 2006 Cisco Systems, Inc. All rights reserved.
© 2006 Cisco Systems, Inc. All rights reserved.
Q and A
© 2006 Cisco Systems, Inc. All rights reserved.