MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 433
# NOTE: Only client certificate and SUB CA-2 certificate needs to be installed.
crypto pki certificate chain DMVPN-3-TIER-SUBCA-2
certificate 0B
<CONTENTS REMOVED FOR BREVITY>
quit
certificate ca 02
<CONTENTS REMOVED FOR BREVITY>
quit
# IKE/IPsec configuration
crypto ikev2 proposal DMVPN_IKEV2_PROPOSAL
encryption aes-cbc-256
integrity sha1
group 5
!
crypto ikev2 policy DMVPN_IKEV2_POLICY
match fvrf any
proposal DMVPN_IKEV2_PROPOSAL
!
crypto ikev2 profile DMVPN_IKEV2_PROFILE
match certificate ORBIT_CERT_MAP
identity local dn
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint DMVPN-3-TIER-SUBCA-2
dpd 10 3 periodic
!
crypto ipsec transform-set DMVPN_TRANSFORM esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN
set transform-set DMVPN_TRANSFORM
set ikev2-profile DMVPN_IKEV2_PROFILE
!
# Multipoint GRE tunnel configuration
interface Tunnel0
description DMVPN NETWORK
ip address 172.16.0.1 255.255.255.0
no ip redirects
To Next Page
Loading...
