HPE FlexNetwork MSR Series - Page 204

# Configure the IPsec profile to reference the IPsec transform set method1.
[RouterB-ipsec-profile-btoa] transform-set method1
[RouterB-ipsec-profile-btoa] quit
# Create tunnel interface Tunnel 1. This interface will be used to protect the data flows between
Router B and Router A. As the public IP address of the remote peer is not known, you do not
need to configure the destination address on the tunnel interface.
[RouterB] interface tunnel 1
# Assign IPv4 address 10.1.1.2/24 to tunnel interface Tunnel 1.
[RouterB-Tunnel1] ip address 10.1.1.2 24
# Set the tunnel mode of tunnel interface Tunnel 1 to IPsec over IPv4.
[RouterB-Tunnel1] tunnel-protocol ipsec ipv4
# Set Serial 2/1 as the source interface of tunnel interface Tunnel 1.
[RouterB-Tunnel1] source serial 2/1
# Apply IPsec profile btoa to tunnel interface Tunnel 1.
[RouterB-Tunnel1] ipsec profile btoa
[RouterB-Tunnel1] quit
# Configure a static route to Router A.
[RouterB] ip route-static 172.17.17.0 255.255.255.0 tunnel 1
3. Verify the configuration:
After the configuration, IKE negotiation is triggered to set up SAs when Serial 2/1 on Router A
completes the dial-up process. If IKE negotiation is successful and SAs are set up, the IPsec
tunnel between Router A and Router B is up and protects the packets traveling through it.
# Execute the display interface brief command on Router B. The output shows that the link status
of the IPsec tunnel interface is up.
[RouterB] display interface tunnel 1 brief
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Main IP         Description
Tun1                 UP   UP       10.1.1.2
# Execute the display ike sa command on Router B. The output shows that the SAs of both
phases are established.
[RouterB] display ike sa
total phase-1 SAs: 1
connection-id  peer       flag  phase  doi
----------------------------------------------------------
1              1.1.1.2    RD    1      IPSEC
2              1.1.1.2    RD    2      IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY
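The check in this verification step can be scripted. The following Python sketch is an added example, not part of the HPE manual: it parses captured display ike sa output (the sample is the output shown above, embedded as constructed text) and confirms that the peer has a ready SA in both phases. The function names, the handling of "|"-joined flags, and the choice to treat RL, FD and TO as not usable are assumptions of this example.

```python
import re

# Constructed sample: the "display ike sa" output shown above, as captured text.
SAMPLE = """\
total phase-1 SAs: 1
connection-id peer flag phase doi
----------------------------------------------------------
1 1.1.1.2 RD 1 IPSEC
2 1.1.1.2 RD 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT RK--REKEY
"""

# One SA row: connection-id, peer, flag(s) joined by "|" (assumed), phase, doi.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([A-Z|]+)\s+([12])\s+(\S+)\s*$")
UNHEALTHY = {"RL", "FD", "TO"}  # assumption: replaced, fading or timed-out SAs do not count

def parse_ike_sa(text):
    """Return a list of dicts, one per SA row in the output."""
    sas = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            conn, peer, flags, phase, doi = m.groups()
            sas.append({"id": int(conn), "peer": peer,
                        "flags": set(flags.split("|")),
                        "phase": int(phase), "doi": doi})
    return sas

def usable(sa):
    return "RD" in sa["flags"] and not (sa["flags"] & UNHEALTHY)

def check_peer(text, peer):
    """Return (ok, problems): ok only if the peer has a usable SA in both phases."""
    sas = [sa for sa in parse_ike_sa(text) if sa["peer"] == peer]
    problems = []
    for phase in (1, 2):
        in_phase = [sa for sa in sas if sa["phase"] == phase]
        if not in_phase:
            problems.append(f"no phase-{phase} SA for {peer}")
        elif not any(usable(sa) for sa in in_phase):
            flags = ",".join(sorted(set().union(*(sa["flags"] for sa in in_phase))))
            problems.append(f"phase-{phase} SA for {peer} not ready (flags: {flags})")
    return (not problems, problems)

if __name__ == "__main__":
    print(check_peer(SAMPLE, "1.1.1.2"))
```

A tunnel interface that shows UP while check_peer reports a missing or fading phase-2 SA is worth investigating before relying on the tunnel to protect traffic.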
# You can also view the IPsec SA information.
[RouterB] display ipsec sa
===============================
Interface: Tunnel1
path MTU: 1443
===============================
-----------------------------