Cisco 7100 Series Spezifikationen PDF herunterladen (Seite 92)

Step 2—Configuring Encryption and an IPSec Tunnel

Cisco 7100 Series VPN Configuration Guide

4-20

Tips

If you have trouble, make sure you are using the correct IP addresses.

Applying Crypto Maps to Interfaces

You need to apply a crypto map set to each interface through which IPSec trafﬁc will ﬂow.

Applying the crypto map set to an interfaceinstructs the router to evaluateall the interface’s

trafﬁc against the crypto map set and to use the speciﬁed policy during connection or SA

negotiation on behalf of trafﬁc to be protected by crypto.

To apply a crypto map set to an interface, complete the following steps starting in global

conﬁguration mode:

Step Command Purpose

hq-sanjose(config)# interface

serial 2/0

Specify a physical interface on which to apply the

crypto map and enter interface conﬁguration

mode. This example speciﬁes serial interface 2/0

on the headquarters router.

hq-sanjose(config-if)# crypto map

s4second

Apply the crypto map set to the physical interface.

This example conﬁgures crypto map s4second,

which was created in the “Creating Crypto Map

Entries” section on page 4-18.

hq-sanjose(config-if)# exit

hq-sanjose(config)#

Exit back to global conﬁguration mode.

hq-sanjose# clear crypto sa

In privileged EXEC mode, clear the existing

IPSec SAs so that any changes are used

immediately. (Manually established SAs are

reestablished immediately.)

Note Using the clear crypto sa command

withoutparameters clears out the full SA database,

which clears out active security sessions. You may

also specify the peer, map, or entry keywords to

clear out only a subset of the SA database.

1 2 ... 87 88 89 90 91 92 93 94 95 96 97 ... 111 112

Keine Kommentare

Cisco 7100 Series Spezifikationen Seite 92