Lab 33: Site to Site VPN IKEV2 - NetwaxUL

Friday, December 4, 2015

Lab 33: Site to Site VPN IKEV2

Task

Topology


  1. Set up a site-to-site IKEv2 VPN.

Solution


Peer1 (Router)
---------------------


crypto ikev2 proposal 10
 encryption aes-cbc-256
 integrity sha256
 group 5
 exit

crypto ikev2 policy 1
 proposal 10
 exit

crypto ikev2 keyring KEY1
 peer peer2
 address 102.1.1.100
 pre-shared-key cisco
 exit
 exit

crypto ikev2 profile IKEV2
 match identity remote address 102.1.1.100
 identity local address 101.1.1.100
 keyring local KEY1
 authentication local pre-share
 authentication remote pre-share
 exit

ip access-list extended VPN
 permit ip host 192.168.1.100 host 192.168.2.100
 exit


crypto ipsec transform-set tset esp-aes esp-sha-hmac
 exit

crypto map CMAP 10 ipsec-isakmp
 set transform-set tset
 set ikev2-profile IKEV2
 match address VPN
 set peer 102.1.1.100
 exit

int f0/0
 crypto map CMAP
 exit


Peer2 (ASA)
------------------


crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 prf sha256
 group 5
 exit


tunnel-group 101.1.1.100 type ipsec-l2l
tunnel-group 101.1.1.100 ipsec-attributes
 ikev2 local-authentication pre-shared-key cisco
 ikev2 remote-authentication pre-shared-key cisco
 exit


crypto ipsec ikev2 ipsec-proposal Prop1
 protocol esp encryption aes
 protocol esp integrity sha-1
 exit

access-list VPN permit ip host 192.168.2.100 host 192.168.1.100

crypto map CMAP 10 set ikev2 ipsec-proposal Prop1
crypto map CMAP 10 set peer 101.1.1.100
crypto map CMAP 10 match address VPN
crypto map CMAP interface outside
crypto ikev2 enable outside
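
A site-to-site tunnel like this one only comes up when both peers agree on the pre-shared key, peer addresses and mirrored crypto ACLs, and when every name a crypto map references is defined. The script below is an added example, not part of the original lab: it checks those points over constructed excerpts built from the lab's addresses and names; `audit` and `host_pairs` are hypothetical helper names.

```python
import re

# Constructed excerpts of the two peers' configs, trimmed to the lines checked.
ROUTER = """\
crypto ikev2 keyring KEY1
 peer peer2
  address 102.1.1.100
  pre-shared-key cisco
ip access-list extended VPN
 permit ip host 192.168.1.100 host 192.168.2.100
crypto ipsec transform-set tset esp-aes esp-sha-hmac
crypto map CMAP 10 ipsec-isakmp
 set transform-set tset
 set peer 102.1.1.100
"""
ASA = """\
tunnel-group 101.1.1.100 type ipsec-l2l
tunnel-group 101.1.1.100 ipsec-attributes
 ikev2 local-authentication pre-shared-key cisco
 ikev2 remote-authentication pre-shared-key cisco
access-list VPN permit ip host 192.168.2.100 host 192.168.1.100
crypto map CMAP 10 set peer 101.1.1.100
"""

def host_pairs(cfg):
    """(src, dst) of every 'permit ip host A host B' crypto ACL entry."""
    return set(re.findall(r"permit ip host (\S+) host (\S+)", cfg))

def audit(ios_cfg, asa_cfg):
    """Return the consistency problems found across the two configs."""
    findings = []
    defined = set(re.findall(r"^crypto ipsec transform-set (\S+) \S", ios_cfg, re.M))
    for name in sorted(set(re.findall(r"^\s+set transform-set (\S+)", ios_cfg, re.M)) - defined):
        findings.append(f"router: transform-set {name} is referenced but never defined")
    if host_pairs(ios_cfg) != {(d, s) for s, d in host_pairs(asa_cfg)}:
        findings.append("crypto ACLs are not mirror images of each other")
    if len(set(re.findall(r"pre-shared-key (\S+)", ios_cfg + asa_cfg))) != 1:
        findings.append("pre-shared keys differ between the peers")
    ios_peers = set(re.findall(r"^\s+(?:address|set peer) (\S+)", ios_cfg, re.M))
    if len(ios_peers) != 1:
        findings.append("router: keyring address and crypto map peer differ")
    tg = set(re.findall(r"^tunnel-group (\S+) type ipsec-l2l", asa_cfg, re.M))
    if tg != set(re.findall(r"set peer (\S+)", asa_cfg)):
        findings.append("ASA: tunnel-group name and crypto map peer differ")
    return findings

if __name__ == "__main__":
    for line in audit(ROUTER, ASA) or ["no mismatches found"]:
        print(line)
```
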
