2.
Create IKE protocol gateway. For this profile, specify VTI tunnel, policy, protocol version and mode of
traffic redirection into the tunnel.
esr(config)# security ike gateway ike_gw1
esr(config-ike-gw)# ike-policy ike_pol1
esr(config-ike-gw)# local address 198.51.100.1
esr(config-ike-gw)# local network 10.0.0.0/16
esr(config-ike-gw)# remote address 203.0.113.1
esr(config-ike-gw)# remote network 192.0.2.0/24
esr(config-ike-gw)# mode policy-based
esr(config-ike-gw)# exit
Create security parameters profile for IPsec tunnel. For the profile, select Diffie-Hellman group 2, AES
128 bit encryption algorithm and MD5 authentication algorithm. Use the following parameters to secure
IPsec tunnel:
esr(config)# security ipsec proposal ipsec_prop1
esr(config-ipsec-proposal)# authentication algorithm md5
esr(config-ipsec-proposal)# encryption algorithm aes128
esr(config-ipsec-proposal)# exit
Create a policy for IPsec tunnel. For the policy, specify the list of IPsec tunnel profiles that may be used
for node negotiation:
esr(config)# security ipsec policy ipsec_pol1
esr(config-ipsec-policy)# proposal ipsec_prop1
esr(config-ipsec-policy)# exit
CreateIPsec VPN. For VPN, specify IKE protocol gateway, IPsec tunnel policy, key exchange mode and
connection establishment method. When all parameters are entered, enable tunnel using the enable
command.
esr(config)# security ipsec vpn ipsec1
esr(config-ipsec-vpn)# mode ike
esr(config-ipsec-vpn)# ike establish-tunnel immediate
esr(config-ipsec-vpn)# ike gateway ike_gw1
esr(config-ipsec-vpn)# ike ipsec-policy ipsec_pol1
esr(config-ipsec-vpn)# enable
esr(config-ipsec-vpn)# exit
esr(config)# exit
R2 configuration
Configure external network interface and identify its inherence to a security zone:
esr# configure
esr(config)# interface gi 1/0/1
esr(config-if)# ip address 203.0.113.1/24
esr(config-if)# security-zone untrusted
esr(config-if)# exit
To Next Page
Loading...
Need help?
General
