Chapter 4 Configuring the VSA
Configuration Examples
Configuration Examples
This section provides the following configuration examples:
•Configuring IKE Policies Example, page
•Configuring IPSec Configuration Example, page
•Basic IPSec Configuration Illustration, page
Configuring IKE Policies Example
In the following example, two IKE policies are created, with policy 15 as the highest priority, policy 20 as the next priority, and the existing default priority as the lowest priority. It also creates a preshared key to be used with policy 20 with the remote peer whose IP address is 192.168.224.33.
crypto isakmp policy 15 encryption 3des
hash md5 authentication
lifetime 5000
crypto isakmp policy 20 authentication
crypto isakmp key 1234567890 address 192.168.224.33
Configuring IPSec Configuration Example
The following example shows a minimal IPSec configuration where the security associations will be established via IKE:
An IPSec access list defines which traffic to protect:
A transform set defines how the traffic will be protected. In this example, transform set “myset1” uses DES encryption and SHA for data packet authentication:
crypto ipsec
Another transform set example is “myset2,” which uses Triple DES encryptions and MD5 (HMAC variant) for data packet authentication:
crypto ipsec
A crypto map joins together the IPSec access list and transform set and specifies where the protected traffic is sent (the remote IPSec peer):
crypto map toRemoteSite 10
set
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
|
| |
|