Mediant MSBRs 30 Document #: LTRT-31828
Security Setup
Command Description
Configures the Diffie-Hellman group.
Selects IKE version 1 or IKE version 2
(config-isakmp)# lifetime 3600
The lifetime is the period of re-authentication. In
this case, the tunnel is re-authenticated every
hour.
Exit policy configuration level.
(config-data)# crypto ipsec
transform-set crypto_set1 esp-aes
Configure the transform set, and select
encrypting type and key length in bits.
(cfg-crypto-trans)# mode tunnel
Select the operation mode.
Exit transform set configuration level.
(config-data)# crypto map MAP1 1
ipsec-isakmp
Configure the crypto map.
(config-crypto-map)# set peer
180.1.100.21
Configure the peer IP address.
(config-crypto-map)# set
transform-set crypto_set1
Configure the transform set.
security-association lifetime
Configure the lifetime timer. When the timer
expires, re authentication commences.
(config-crypto-map)# match
address ipsec
Assign an ACL to the transform set.
(config-crypto-map)# exit
Exit the transform set configuration level.
(config-data)# crypto isakmp key
P@ssw0rd address 180.1.100.21
Configure the key from the IPSec.
(config-data)# interface
GigabitEthernet 0/0
Configure interface g0/0.
(conf-if-GE 0/0)# crypto map MAP1
Assign the IPSec policy to the interface.
(conf-if-GE 0/0)# ip tcp adjust-
mss 1374
Ensures that IPSec traffic is accelerated,
resulting in high performance of the IPSec
traffic.
Note: This is applicable only to Mediant 500Li
MSBR.
# show data crypto status
Displays the IPSec status.
To Next Page
Loading...
