Chapter 9 Configuring Security Features
Configuring VPN
Configure IPSec Transforms and Protocols
A transform set represents a certain combination of security protocols and algorithms. During IKE negotiation, the peers agree to use a particular transform set for protecting data flow.
During IKE negotiations, the peers search in multiple transform sets for a transform that is the same at both peers. When a transform set that contains such a transform is found, it is selected and applied to the protected traffic as a part of both peers’ configurations.
To specify the IPSec transform set and protocols, perform these steps, beginning in global configuration mode:
SUMMARY STEPS
1.crypto ipsec profile profile-name
2.crypto ipsec
3.crypto ipsec
DETAILED STEPS
| Command or Action | Purpose |
Step 1 |
|
|
crypto ipsec profile | Configures IPSec profile to apply protection on | |
| Example: | the tunnel for encryption. |
|
| |
| Router(config)# crypto ipsec profile pro1 |
|
| Router(config)# |
|
Step 2 |
|
|
crypto ipsec | Defines a transform | |
| combination of IPSec security protocols and | |
| [transform3] [transform4] | algorithms. |
|
| |
| Example: | See Secure Connectivity Configuration Guide |
| Router(config)# crypto ipsec | Library, Cisco IOS Release 12.4T for details about |
| the valid transforms and combinations. | |
| vpn1 | |
| Router(config)# |
|
Step 3 |
|
|
crypto ipsec | Specifies global lifetime values used when IPSec | |
| {seconds seconds kilobytes kilobytes} | security associations are negotiated. |
| Example: |
|
| Router(config)# crypto ipsec |
|
|
| |
| Router(config)# |
|
|
|
|
Configure the IPSec Crypto Method and Parameters
A dynamic crypto map policy processes negotiation requests for new security associations from remote IPSec peers, even if the router does not know all the crypto map parameters (for example, IP address).
To configure the IPSec crypto method, perform these steps, beginning in global configuration mode:
| Cisco 819 Series Integrated Services Routers Software Configuration Guide |
|
