Cisco Systems SM-ISM, SA-ISA manual Router B Configuration


Chapter 4 Configuring the ISA and ISM

IPSec Example

Note: In the above example, the DES encryption setting of policy 15 would not appear in the written configuration because DES is the default value for the encryption algorithm parameter.

A transform set defines how the traffic will be protected.

crypto ipsec transform-set auth1 ah-md5-hmac esp-des esp-md5-hmac

mode tunnel

A crypto map joins the transform set and specifies where the protected traffic is sent (the remote IPSec peer).

crypto map toRemoteSite 10 ipsec-isakmp

set peer 10.0.0.2

set transform-set auth1

The crypto map is applied to an interface.

interface Serial0

ip address 11.0.0.2

crypto map toRemoteSite

An IPSec access list defines which traffic to protect.

access-list 101 permit ip host 12.120.0.2 host 15.1.2.1

access-list 101 permit ip host 11.0.0.2 host 10.0.0.2

Router B Configuration

Specify the parameters to be used during an IKE negotiation.

crypto isakmp policy 15

encryption des

hash md5

authentication pre-share

group 2

lifetime 5000

crypto isakmp key 1234567890 address 11.0.0.2

crypto isakmp identity address

A transform set defines how the traffic will be protected.

crypto ipsec transform-set auth1 ah-md5-hmac esp-des esp-md5-hmac

mode tunnel

A crypto map joins the transform set and specifies where the protected traffic is sent (the remote IPSec peer).

crypto map toRemoteSite 10 ipsec-isakmp

set peer 11.0.0.2

set transform-set auth1

The crypto map is applied to an interface.

interface Serial0

ip address 10.0.0.2

crypto map toRemoteSite

An IPSec access list defines which traffic to protect.

access-list 101 permit ip host 15.1.2.1 host 12.120.0.2

access-list 101 permit ip host 10.0.0.2 host 11.0.0.2
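
As an added illustration (not part of the Cisco manual), the following Python check tests the properties the Router A and Router B configurations rely on: both peers use the same transforms, each `set peer` names the other router's interface address, and the crypto access lists mirror each other. The sample configurations are constructed from the commands on this page, one per line, with Router B's transform set written to match Router A's; `parse` and `check_peers` are hypothetical helper names.

```python
import re

# Constructed sample input: the page's two configurations, one command per
# line, with Router B's transform set written to match Router A's.
ROUTER_A = """\
crypto ipsec transform-set auth1 ah-md5-hmac esp-des esp-md5-hmac
crypto map toRemoteSite 10 ipsec-isakmp
 set peer 10.0.0.2
interface Serial0
 ip address 11.0.0.2
access-list 101 permit ip host 12.120.0.2 host 15.1.2.1
access-list 101 permit ip host 11.0.0.2 host 10.0.0.2
"""
ROUTER_B = """\
crypto ipsec transform-set auth1 ah-md5-hmac esp-des esp-md5-hmac
crypto map toRemoteSite 10 ipsec-isakmp
 set peer 11.0.0.2
interface Serial0
 ip address 10.0.0.2
access-list 101 permit ip host 15.1.2.1 host 12.120.0.2
access-list 101 permit ip host 10.0.0.2 host 11.0.0.2
"""

def parse(cfg):
    """Pull out the fields that must agree between the two IPSec peers."""
    ts = re.search(r"^crypto ipsec transform-set \S+ (.+)$", cfg, re.M)
    return {
        "transforms": set(ts.group(1).split()) if ts else set(),
        "peers": set(re.findall(r"^\s*set peer (\S+)", cfg, re.M)),
        "addrs": set(re.findall(r"^\s*ip address (\S+)", cfg, re.M)),
        "acl": set(re.findall(
            r"^access-list \d+ permit ip host (\S+) host (\S+)", cfg, re.M)),
    }

def check_peers(cfg_a, cfg_b):
    """Return a list of mismatches between the two peers' configurations."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    if a["transforms"] != b["transforms"]:
        findings.append("transform sets differ: %s vs %s" % (
            sorted(a["transforms"]), sorted(b["transforms"])))
    if not a["peers"] <= b["addrs"]:
        findings.append("A's peer is not an interface address on B")
    if not b["peers"] <= a["addrs"]:
        findings.append("B's peer is not an interface address on A")
    if {(d, s) for s, d in a["acl"]} != b["acl"]:  # swap source/destination
        findings.append("crypto access lists are not mirror images")
    return findings
```

Calling `check_peers(ROUTER_A, ROUTER_B)` returns an empty list when the two sides agree; each mismatch is reported as one string.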

 

 

Integrated Services Adapter and Integrated Services Module Installation and Configuration

OL-3575-01 B0

Copyright 1999-2003 Cisco Systems, Inc. All rights reserved.