Chapter 4 Configuring the ISA and ISM

IPSec Example

Note In the above example, the encryption DES of policy 15 would not appear in the written configuration because this is the default value for the encryption algorithm parameter.

A transform set defines how the traffic will be protected

crypto ipsec transform-set auth1 ah-md5-hmac esp-des esp-md5-hmac

mode tunnel

A crypto map joins the transform set and specifies where the protected traffic is sent (the remote IPSec peer).

crypto map toRemoteSite 10 ipsec-isakmp

set peer 10.0.0.2

set transform-set auth1

The crypto map is applied to an interface.

interface Serial0 ip address 11.0.0.2

crypto map toRemoteSite

An IPSec access list defines which traffic to protect.

access-list 101 permit ip host 12.120.0.2 host 15.1.2.1

access-list 101 permit ip host 11.0.0.2 host 10.0.0.2

Router B Configuration

Specify the parameters to be used during an IKE negotiation.

crypto isakmp policy 15 encryption des

hash md5

authentication pre-share group 2

lifetime 5000

crypto isakmp key 1234567890 address 11.0.0.2 crypto isakmp identity address

A transform set defines how the traffic will be protected.

crypto ipsec transform-set auth1 ah-md5-hmac esp-des ah-md5-hmac

mode tunnel

A crypto map joins the transform set and specifies where the protected traffic is sent (the remote IPSec peer).

crypto map toRemoteSite 10 ipsec-isakmp set peer 11.0.0.2

set transform-set auth1

The crypto map is applied to an interface

interface Serial0

ip address 10.0.0.2

crypto map toRemoteSite

An IPSec access list defines which traffic to protect

access-list 101 permit ip host 15.1.2.1 host 12.120.0.2 access-list 101 permit ip host 10.0.0.2 host 11.0.0.2

 

 

Integrated Services Adapter and Integrated Services Module Installation and Configuration

 

 

 

 

 

 

OL-3575-01 B0

 

 

4-13

 

 

 

 

 

Page 49
Image 49
Cisco Systems SM-ISM, SA-ISA manual Router B Configuration