238
[RouterB-ipsec-policy-isakmp-map1-1] transform-set transform_b
[RouterB-ipsec-policy-isakmp-map1-1] quit
8. Assign an IP address to interface Ethernet 1/2.
[RouterB] interface ethernet 1/2
[RouterB-Ethernet1/2] ip address 10.1.2.1 255.255.255.0
[RouterB-Ethernet1/2] quit
9. Assign an IP address to interface Ethernet 1/1.
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ip address 2.2.2.2 255.255.0.0
10. Apply the IPsec policy group on interface Ethernet 1/1.
[RouterB-Ethernet1/1] ipsec policy map
[RouterB-Ethernet1/1] quit
11. Configure a static route to subnet 10.1.1.0/24.
[RouterB] ip route-static 10.1.1.0 255.255.255.0 1.1.1.1
Verifying the configuration
When traffic between subnet 10.1.1.0/24 and subnet 10.1.2.0/24 goes through Router A and Router
B, IKEv2 negotiation should be triggered. You can check whether the configurations on the routers
are as expected and whether the expected IKEv2 SAs and IPsec SAs have been established.
Take Router A as an example:
# Display the IKEv2 proposal configuration information.
[RouterA] display ikev2 proposal
IKEv2 proposal : proposal_a
Encryption : AES-CBC-192
Integrity : MD5
PRF : MD5
DH Group : MODP1024/Group 2
IKEv2 proposal : default
Encryption : AES-CBC-128
3DES-CBC
Integrity : SHA1
MD5
PRF : SHA1
MD5
DH Group : MODP1536/Group 5
MODP1024/Group 2
# Display the IKEv2 profile configuration information.
[RouterA] display ikev2 profile
IKEv2 profile : profile_a
Match : match address local interface Ethernet1/1
Identity : identity local dn
Auth type : authentication local rsa-sig
authentication remote pre-share
authentication remote rsa-sig
Keyring :
Sign domain : domain_a
Verify domain : domain_b
To Next Page
Loading...
