KS configuration
Step 1: Configure ISAKMP policy ( IKE phase 1)
KS(config)# crypto isakmp policy 10
KS(config)# encryption aes
KS(config)# authentication pre-share
KS(config)# group 2
KS(config)# hash sha
KS(config)# crypto isakmp key CCIE address 1.1.1.1
Step 2: Configure IPSEC policy ( IKE phase 2)
KS(config)# crypto ipsec transform-set ccie esp-aes 128
KS(config)# crypto ipsec profile ccie
KS(config)# set transform-set ccie
KS(config)# set security-association lifetime seconds 7200
Step 3: Configure GDOI on KS
KS(config)# crypto gdoi group ccie
KS(config)# identity number 1111
KS(config)# server local
KS(config)# rekey authentication mypubkey rsa getvpn-export-general
Step 1: Configure ISAKMP policy ( IKE phase 1)
KS(config)# crypto isakmp policy 10
KS(config)# encryption aes
KS(config)# authentication pre-share
KS(config)# group 2
KS(config)# hash sha
KS(config)# crypto isakmp key CCIE address 1.1.1.1
Step 2: Configure IPSEC policy ( IKE phase 2)
KS(config)# crypto ipsec transform-set ccie esp-aes 128
KS(config)# crypto ipsec profile ccie
KS(config)# set transform-set ccie
KS(config)# set security-association lifetime seconds 7200
Step 3: Configure GDOI on KS
KS(config)# crypto gdoi group ccie
KS(config)# identity number 1111
KS(config)# server local
KS(config)# rekey authentication mypubkey rsa getvpn-export-general
KS(config)# rekey lifetime seconds 86400
KS(config)# rekey retransmit 40 number 2
KS(config)# rekey transport unicast
KS(config)# sa ipsec 1
KS(config)# profile ccie
KS(config)# address ipv4 1.1.1.1 ( source ip address).
0 comments:
Post a Comment