acl version: ACL4
mode: isakmp
-----------------------------
PFS: N, DH group: none
tunnel:
local address: 1.1.1.1
remote address: 2.2.2.2
flow:
sour addr: 10.1.1.0/255.255.255.0 port: 0 protocol: IP
dest addr: 10.1.2.0/255.255.255.0 port: 0 protocol: IP
[inbound ESP SAs]
spi: 225986146 (0xd784662)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Tunnel
connection id: 1
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843200/3460
anti-replay detection: Enabled
anti-replay window size(counter based): 32
udp encapsulation used for nat traversal: N
communication entity: Responder
[outbound ESP SAs]
spi: 120774197 (0x732de35)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting: Tunnel
connection id: 1
sa duration (kilobytes/sec): 1843200/3600
sa remaining duration (kilobytes/sec): 1843199/3460
anti-replay detection: Enabled
anti-replay window size(counter based): 32
udp encapsulation used for nat traversal: N
communication entity: Responder
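A check a defender can run over the SA listing above, as an added example that is not part of the original guide: it parses the listing and reports DES, 3DES or MD5 transforms (deprecated for ESP by RFC 8221), PFS turned off, and anti-replay turned off. The function name, the weak-algorithm table and the assumption that other transform names follow the same ESP-ROLE-ALG pattern are this example's own; the sample is an excerpt of the lines above.

```python
import re

# Excerpt of the SA listing above (only the fields this check reads).
SAMPLE = """\
-----------------------------
PFS: N, DH group: none
[inbound ESP SAs]
spi: 225986146 (0xd784662)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
anti-replay detection: Enabled
[outbound ESP SAs]
spi: 120774197 (0x732de35)
transform: ESP-ENCRYPT-DES ESP-AUTH-SHA1
anti-replay detection: Enabled
"""

# Assumption: transform names follow ESP-<ROLE>-<ALG>[-...], as in the listing.
WEAK_ALGS = {"DES": "56-bit key", "3DES": "64-bit block cipher",
             "MD5": "MD5-based integrity"}

def audit_ipsec_sa(text):
    """Return (scope, spi, finding) tuples for weak settings in an SA listing."""
    findings, scope, spi = [], "tunnel", None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---"):            # separator starts a new SA entry
            scope, spi = "tunnel", None
            continue
        m = re.match(r"\[(inbound|outbound) \w+ SAs\]", line)
        if m:                                 # per-direction SA block
            scope, spi = m.group(1), None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "pfs" and value.split(",")[0].strip().upper() == "N":
            findings.append((scope, spi, "PFS disabled"))
        elif key == "spi" and value:
            spi = value.split()[0]            # decimal SPI, hex form dropped
        elif key == "transform":
            for token in value.split():
                for alg in WEAK_ALGS.keys() & set(token.split("-")):
                    findings.append((scope, spi, f"{token}: {WEAK_ALGS[alg]}"))
        elif key == "anti-replay detection" and value.lower() != "enabled":
            findings.append((scope, spi, "anti-replay disabled"))
    return findings

if __name__ == "__main__":
    print(*audit_ipsec_sa(SAMPLE), sep="\n")
```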
Configuring IKEv2 certificate authentication
Network requirements
An IPsec tunnel is required between Router A and Router B to protect the traffic between subnet
10.1.1.0/24 and subnet 10.1.2.0/24. The specific requirements are as follows:
• Use IKEv2 to dynamically negotiate keys and establish and maintain IPsec SAs.
• Configure IKEv2 to use the encryption algorithm AES-CBC-192, integrity protection algorithm
MD5, PRF algorithm MD5, and 1024-bit DH group.
• Set both the local and remote authentication methods to RSA digital certificate.