Lab 33: Site to Site VPN IKEV2 - NetwaxUL




Friday, December 4, 2015

Lab 33: Site to Site VPN IKEV2



  1. Set up site-to-site IKEv2.


Peer1 (Router)

crypto ikev2 proposal 10
 encryption aes-cbc-256
 integrity sha256
 group 5

crypto ikev2 policy 1
 proposal 10

crypto ikev2 keyring KEY1
 peer peer2
 pre-shared-key cisco

crypto ikev2 profile IKEV2
 match identity remote add
 identity local add
 keyring local KEY1
 authentication local pre-share
 authentication remote pre-share

ip access-list extended VPN
 permit ip host host

crypto ipsec transform-set tset esp-aes esp-sha-hmac

crypto map CMAP 10 ipsec-isakmp
 set transform-set tset
 set ikev2-profile IKEV2
 match address VPN
 set peer

int f0/0
 crypto map CMAP

Peer2 (ASA)

crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 prf sha256
 group 5

tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 ikev2 local-authentication pre-shared-key cisco
 ikev2 remote-authentication pre-shared-key cisco

crypto ipsec ikev2 ipsec-proposal Prop1
 protocol esp encryption aes
 protocol esp integrity sha-1

access-list VPN permit ip host host

crypto map CMAP 10 set ikev2 ipsec-proposal Prop1
crypto map CMAP 10 set peer
crypto map CMAP 10 match address VPN
crypto map CMAP interface outside
crypto ikev2 enable outside
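
An added example, not part of the original lab: a short Python check that the IKEv2 and ESP proposals on the two peers agree. IOS and ASA name the same algorithms differently (aes-cbc-256 vs aes-256, esp-sha-hmac vs sha-1), and a mismatch stops the tunnel from negotiating. The embedded configs are constructed from the lines above, with the transform-set written under the name tset that the crypto map references; the function names, the NORM table and the LEGACY policy are assumptions of this example.

```python
# Constructed input: the proposal lines of both peers, transform-set named "tset".
IOS_CFG = """crypto ikev2 proposal 10
 encryption aes-cbc-256
 integrity sha256
 group 5
crypto ipsec transform-set tset esp-aes esp-sha-hmac
"""
ASA_CFG = """crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 prf sha256
 group 5
crypto ipsec ikev2 ipsec-proposal Prop1
 protocol esp encryption aes
 protocol esp integrity sha-1
"""
# Platform keyword -> common name; keywords not listed are compared as written.
NORM = {"aes-cbc-128": "aes128", "aes-cbc-256": "aes256", "aes": "aes128",
        "aes-256": "aes256", "esp-aes": "aes128", "sha": "sha1", "sha-1": "sha1",
        "esp-sha-hmac": "sha1", "sha-256": "sha256", "esp-sha256-hmac": "sha256"}
LEGACY = {("group", "1"), ("group", "2"), ("group", "5"), ("integrity", "sha1")}  # assumed policy

def block(cfg, header):
    """Return the indented sub-commands (split into words) under `header`."""
    out, inside = [], False
    for line in cfg.splitlines():
        if line.startswith(header):
            inside = True
        elif inside and line.startswith(" "):
            out.append(line.split())
        elif inside:
            break
    return out

def ike(cfg, header):  # prf is left out of the comparison
    return {w[0]: NORM.get(w[1], w[1]) for w in block(cfg, header)
            if w[0] in ("encryption", "integrity", "group")}

def ios_esp(cfg):
    w = next(l.split() for l in cfg.splitlines() if l.startswith("crypto ipsec transform-set"))
    return {"encryption": NORM.get(w[4], w[4]), "integrity": NORM.get(w[5], w[5])}
def asa_esp(cfg):
    return {w[2]: NORM.get(w[3], w[3]) for w in block(cfg, "crypto ipsec ikev2 ipsec-proposal")}

def mismatches(a, b):
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

def legacy(params):
    return sorted(f"{k} {v}" for k, v in params.items() if (k, v) in LEGACY)
```

For the configs above, `mismatches` returns an empty list for both the IKEv2 and the ESP comparison, while `legacy` flags DH group 5 and the SHA-1 ESP integrity setting.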

