Task
- Set up site-to-site IKEv2.
Solution
Peer1 (Router)
---------------------
crypto ikev2 proposal 10
encryption aes-cbc-256
integrity sha256
group 5
exit
crypto ikev2 policy 1
proposal 10
exit
crypto ikev2 keyring KEY1
peer peer2
address 102.1.1.100
pre-shared-key cisco
exit
exit
crypto ikev2 profile IKEV2
match identity remote address 102.1.1.100
identity local address 101.1.1.100
keyring local KEY1
authentication local pre-share
authentication remote pre-share
exit
ip access-list extended VPN
permit ip host 192.168.1.100 host 192.168.2.100
exit
crypto ipsec transform-set tset esp-aes esp-sha-hmac
exit
crypto map CMAP 10 ipsec-isakmp
set transform-set tset
set ikev2-profile IKEV2
match address VPN
set peer 102.1.1.100
exit
interface FastEthernet0/0
crypto map CMAP
exit
Peer2 (ASA)
------------------
crypto ikev2 policy 10
encryption aes-256
integrity sha256
prf sha256
group 5
exit
tunnel-group 101.1.1.100 type ipsec-l2l
tunnel-group 101.1.1.100 ipsec-attributes
ikev2 local-authentication pre-shared-key cisco
ikev2 remote-authentication pre-shared-key cisco
exit
crypto ipsec ikev2 ipsec-proposal Prop1
protocol esp encryption aes
protocol esp integrity sha-1
exit
access-list VPN permit ip host 192.168.2.100 host 192.168.1.100
crypto map CMAP 10 set ikev2 ipsec-proposal Prop1
crypto map CMAP 10 set peer 101.1.1.100
crypto map CMAP 10 match address VPN
crypto map CMAP interface outside
crypto ikev2 enable outside
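
As an added example (not part of the original post), a short Python check that the two peers agree on the values that must match for the tunnel to come up: IKEv2 encryption, integrity and DH group, the pre-shared key, and mirrored crypto ACLs. The excerpts are taken from the two configurations above; the function names and the cipher-name alias table are assumptions of this example.

```python
import re

# Excerpts of the two configs above (ASA keyword spelled pre-shared-key, as the ASA expects).
ROUTER = """\
crypto ikev2 proposal 10
 encryption aes-cbc-256
 integrity sha256
 group 5
crypto ikev2 keyring KEY1
 peer peer2
  pre-shared-key cisco
ip access-list extended VPN
 permit ip host 192.168.1.100 host 192.168.2.100
"""
ASA = """\
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 5
tunnel-group 101.1.1.100 ipsec-attributes
 ikev2 local-authentication pre-shared-key cisco
 ikev2 remote-authentication pre-shared-key cisco
access-list VPN permit ip host 192.168.2.100 host 192.168.1.100
"""
ALIAS = {"aes-cbc-256": "aes-256"}  # IOS name -> ASA name for the same cipher

def ike_params(cfg):
    """Return the IKEv2 encryption/integrity/group settings, in ASA naming."""
    found = re.findall(r"^[ \t]*(encryption|integrity|group) (\S+)[ \t]*$", cfg, re.M)
    return {k: ALIAS.get(v, v) for k, v in found}

def psks(cfg):
    """Return the set of pre-shared keys configured on this peer."""
    return set(re.findall(r"pre-shared-key (\S+)", cfg))

def acl_pair(cfg):
    """Return (source, destination) hosts of the crypto ACL permit entry."""
    return re.search(r"permit ip host (\S+) host (\S+)", cfg).groups()

def mismatches(router, asa):
    """List every setting on which the two peers disagree (empty list = consistent)."""
    r, a = ike_params(router), ike_params(asa)
    problems = [f"IKEv2 {k}: {r.get(k)} vs {a.get(k)}"
                for k in sorted(r.keys() | a.keys()) if r.get(k) != a.get(k)]
    if psks(router) != psks(asa):
        problems.append("pre-shared keys differ")
    if acl_pair(router) != acl_pair(asa)[::-1]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

`mismatches(ROUTER, ASA)` returns an empty list for the configurations on this page; any string in the list names a setting to correct before troubleshooting the tunnel itself.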