There is an IPSec tunnel between R1 and R5. Here's the config:
R1
Phase 1:
1) Define ISAKMP Policy:
crypto isakmp policy 100
 encr aes 256
 authentication pre-share
 group 5
2) Set ISAKMP key and link it to the peer router
crypto isakmp key letmer1r5 address 192.168.15.5
Phase 2:
3) Set up IPSec transform set
crypto ipsec transform-set R5_TRANSFORM ah-sha-hmac
4) Define which traffic should be protected by IPSec when going out:
access-list 110 permit ip host 192.168.15.1 host 192.168.15.5
NB: Traffic that hits a deny, implicit or explicit, is simply sent without IPSec protection; it is not dropped.
5) Define Crypto Map:
crypto map R1_2_R5 10 ipsec-isakmp
 set peer 192.168.15.5
 set transform-set R5_TRANSFORM
 match address 110
6) Apply the Crypto Map to the interface:
interface FastEthernet0/0
 ip address 192.168.15.1 255.255.255.0
 crypto map R1_2_R5
Then for R5
1) Define ISAKMP Policy:
crypto isakmp policy 100
 encr aes 256
 authentication pre-share
 group 5
2) Set ISAKMP key and link it to the peer router
crypto isakmp key letmer1r5 address 192.168.15.1
3) Set up IPSec transform set
crypto ipsec transform-set R1_TRANSFORM ah-sha-hmac
4) Define which traffic should be protected by IPSec when going out:
access-list 110 permit ip host 192.168.15.5 host 192.168.15.1
5) Define Crypto Map:
crypto map R5_2_R1 10 ipsec-isakmp
 set peer 192.168.15.1
 set transform-set R1_TRANSFORM
 match address 110
6) Apply the Crypto Map to the interface:
interface FastEthernet0/0
 ip address 192.168.15.5 255.255.255.0
 crypto map R5_2_R1
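The two configurations only form a tunnel if the ISAKMP policy, the pre-shared key and the transforms match and the crypto ACLs mirror each other. The following is an added example, not part of the original post, that checks a pair of configs for exactly that; it goes one step further and reports when the transform set contains no ESP cipher, as is the case with ah-sha-hmac here. The function names parse and check_pair are hypothetical, and the sample input is constructed from the configs above.

```python
import re
# Constructed input: the two configs from this page, cut down to the lines both peers must agree on.
R1 = """\
crypto isakmp policy 100
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key letmer1r5 address 192.168.15.5
crypto ipsec transform-set R5_TRANSFORM ah-sha-hmac
access-list 110 permit ip host 192.168.15.1 host 192.168.15.5
"""
R5 = """\
crypto isakmp policy 100
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key letmer1r5 address 192.168.15.1
crypto ipsec transform-set R1_TRANSFORM ah-sha-hmac
access-list 110 permit ip host 192.168.15.5 host 192.168.15.1
"""

def parse(cfg):
    """Extract the negotiated settings; names such as R5_TRANSFORM are local only."""
    find = lambda pat: re.findall(pat, cfg, re.M)
    return {
        "policy": find(r"^ +(encr .+|authentication .+|group .+)$"),
        "key": find(r"^crypto isakmp key (\S+) address"),
        "transforms": find(r"^crypto ipsec transform-set \S+ (.+)$"),
        "acl": find(r"^access-list \d+ permit ip host (\S+) host (\S+)"),
    }

def check_pair(cfg_a, cfg_b):
    """Return a list of findings for two peer configurations."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    if a["policy"] != b["policy"]:
        out.append("phase 1: ISAKMP policies differ")
    if a["key"] != b["key"]:
        out.append("phase 1: pre-shared keys differ")
    if a["transforms"] != b["transforms"]:
        out.append("phase 2: transform sets differ")
    if a["acl"] != [(dst, src) for src, dst in b["acl"]]:
        out.append("phase 2: crypto ACLs are not mirror images")
    if not any("esp-" in t for t in a["transforms"] + b["transforms"]):
        out.append("phase 2: AH only, traffic is authenticated but not encrypted")
    return out

if __name__ == "__main__":
    print(check_pair(R1, R5))
```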