IKE:
Diffie-Hellman group: 2;
encryption algorithm: AES 128 bit;
authentication algorithm: MD5.
IPSEC:
encryption algorithm: AES 128 bit;
authentication algorithm: MD5.
Solution:
R1 configuration
Configure the external network interface and assign it to a security zone:
esr# configure
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# ip address 198.51.100.1/24
esr(config-if-gi)# security-zone untrusted
esr(config-if-gi)# exit
To configure the security zone rules, create an ISAKMP port profile:
esr(config)# object-group service ISAKMP
esr(config-object-group-service)# port-range 500
esr(config-object-group-service)# exit
Create an IKE protocol profile. In the profile, select Diffie-Hellman group 2, the AES 128 bit encryption
algorithm and the MD5 authentication algorithm. These security parameters are used to protect the IKE
connection:
esr(config)# security ike proposal ike_prop1
esr(config-ike-proposal)# dh-group 2
esr(config-ike-proposal)# authentication algorithm md5
esr(config-ike-proposal)# encryption algorithm aes128
esr(config-ike-proposal)# exit
Create an IKE protocol policy. In the policy, specify the list of IKE protocol profiles that the nodes may
use for negotiation, and the authentication key:
esr(config)# security ike policy ike_pol1
esr(config-ike-policy)# pre-shared-key hexadecimal 123FFF
esr(config-ike-policy)# proposal ike_prop1
esr(config-ike-policy)# exit
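Added example (not part of the original page or the vendor's tooling): a short Python audit that reads the IKE proposal and policy commands configured above and reports the settings a reviewer would flag before deployment. The weak-value list follows RFC 8247 and the 128-bit key threshold is an assumed local policy; the names audit, WEAK and MIN_PSK_BITS are hypothetical.

```python
import re

# Assumption (not from the page): values treated as weak, following RFC 8247
# (HMAC-MD5 is MUST NOT; DH groups 2 and 5 are SHOULD NOT, group 1 MUST NOT).
WEAK = {"authentication algorithm": {"md5"}, "dh-group": {"1", "2", "5"}}
MIN_PSK_BITS = 128  # assumed local policy threshold, not an ESR limit

# Constructed sample: the IKE commands from this section, prompts included.
SAMPLE = """\
esr(config)# security ike proposal ike_prop1
esr(config-ike-proposal)# dh-group 2
esr(config-ike-proposal)# authentication algorithm md5
esr(config-ike-proposal)# encryption algorithm aes128
esr(config-ike-proposal)# exit
esr(config)# security ike policy ike_pol1
esr(config-ike-policy)# pre-shared-key hexadecimal 123FFF
esr(config-ike-policy)# proposal ike_prop1
esr(config-ike-policy)# exit
"""


def audit(config_text):
    """Return (section, finding) tuples for weak IKE settings in the text."""
    findings, section = [], None
    for raw in config_text.splitlines():
        line = re.sub(r"^\S*#\s*", "", raw).strip()  # drop the CLI prompt
        m = re.match(r"security ike (proposal|policy) (\S+)", line)
        if m:  # entering a proposal or policy block
            section = f"{m.group(1)} {m.group(2)}"
            continue
        if line == "exit":
            section = None
        if section is None:
            continue
        for key, bad in WEAK.items():
            value = line[len(key):].strip()
            if line.startswith(key + " ") and value in bad:
                findings.append((section, f"weak {key}: {value}"))
        m = re.match(r"pre-shared-key hexadecimal ([0-9A-Fa-f]+)$", line)
        if m and len(m.group(1)) * 4 < MIN_PSK_BITS:
            bits = len(m.group(1)) * 4
            findings.append((section, f"pre-shared key is only {bits} bits"))
    return findings


if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

The script accepts text with or without the CLI prompt prefix, so it can be run over a pasted session or a saved configuration.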