
Extranet VPN Business Scenario 4-11
Note: Set an ISAKMP identity whenever you specify preshared keys. The address
keyword is typically used when there is only one interface (and therefore only one IP
address) that will be used by the peer for IKE negotiations, and the IP address is known.
Use the hostname keyword if there is more than one interface on the peer that might be
used for IKE negotiations, or if the interface's IP address is unknown (such as with
dynamically assigned IP addresses).
Configuring IPSec and IPSec Tunnel Mode
After you have configured a different shared key, configure IPSec at each participating
IPSec peer. This section contains basic steps to configure IPSec and includes the following
tasks:
1. Setting Global Lifetimes for IPSec Security Associations
2. Verifying Global Lifetimes for IPSec Security Associations
   Note: If you set global lifetimes for IPSec SAs while configuring IPSec in Chapter 3,
   "Intranet VPN Business Scenario," there is no need to set lifetimes again here. If you have
   not configured global lifetimes for IPSec SAs on your Cisco 7100 series router, see the
   "Setting Global Lifetimes for IPSec Security Associations" section on page 3-20 before
   creating your crypto access lists.
3. Creating Crypto Access Lists
4. Verifying Crypto Access Lists
Step 3
Command: bus-ptnr(config)# crypto isakmp key 67890 address 172.17.2.4
Purpose: At the remote peer: Specify the shared key to be used with the local peer.
This is the same key you just specified at the local peer. This example configures the
shared key 67890 to be used with the local peer 172.16.2.2 (serial interface 2/0 on the
headquarters router).
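The note on ISAKMP identities and the preshared key step above both depend on the two peers agreeing with each other. The following consistency check is an added example, not part of the original manual: it reads the configuration text of both peers and reports key entries that do not match the identity the other side presents, or keys that differ. The router names and addresses in the samples are constructed, and two simplifications are assumed: a router with no identity line identifies by address, and a hostname identity is compared against the bare hostname line.

```python
import re

KEY_RE = re.compile(r"^crypto isakmp key (\S+) (address|hostname) (\S+)", re.M)
ID_RE = re.compile(r"^crypto isakmp identity (address|hostname)", re.M)
IP_RE = re.compile(r"^ +ip address (\d+\.\d+\.\d+\.\d+) ", re.M)
HOST_RE = re.compile(r"^hostname (\S+)", re.M)

# Constructed sample configurations (hypothetical names, documentation addresses).
HQ = """hostname hq-example
crypto isakmp identity address
crypto isakmp key 67890 address 198.51.100.2
interface Serial2/0
 ip address 192.0.2.1 255.255.255.0
"""
PARTNER = """hostname ptnr-example
crypto isakmp identity address
crypto isakmp key 67890 address 192.0.2.1
interface Serial1/0
 ip address 198.51.100.2 255.255.255.0
"""

def parse_peer(config):
    """Extract hostname, ISAKMP identity, interface addresses and key entries."""
    ident, host = ID_RE.search(config), HOST_RE.search(config)
    return {
        "hostname": host.group(1) if host else "?",
        # Assumption: with no identity line, the router identifies by address.
        "identity": ident.group(1) if ident else "address",
        "addresses": set(IP_RE.findall(config)),
        "keys": {(kind, peer): key for key, kind, peer in KEY_RE.findall(config)},
    }

def key_for(owner, other):
    """Key that `owner` would select for `other`, given the identity `other` sends."""
    if other["identity"] == "hostname":
        return owner["keys"].get(("hostname", other["hostname"]))
    hits = [owner["keys"][("address", a)] for a in sorted(other["addresses"])
            if ("address", a) in owner["keys"]]
    return hits[0] if hits else None

def audit_pair(a, b):
    """Return findings for one pair of peers; an empty list means consistent."""
    findings = []
    for owner, other in ((a, b), (b, a)):
        if key_for(owner, other) is None:
            findings.append(f"{owner['hostname']}: no key entry for the "
                            f"{other['identity']} identity of {other['hostname']}")
    if not findings and key_for(a, b) != key_for(b, a):
        findings.append("preshared keys differ between the peers")
    return findings
```

Run audit_pair(parse_peer(local_text), parse_peer(remote_text)) on the saved configuration of each peer before bringing the tunnel up; an empty list means each side holds a key entry for the identity the other side sends.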