Filter
Top Products
4-19
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
OL-9129-02
Chapter 4 Configuring the VSA
Basic IPSec Configuration Illustration
The crypto map is applied to an interface:
interface Serial0
ip address 10.0.0.2
crypto map toRemoteSite
Note In this example, IKE must be enabled.
Basic IPSec Configuration Illustration
The following is an example of an IPSec configuration in which the security associations are established
through IKE. In this example, an access list is used to restrict the packets that are encrypted and
decrypted. In this example, all packets going from IP address 10.0.0.2 to IP address 10.2.2.2 are
encrypted and decrypted and all packets going from IP address 10.2.2.2 to IP address 10.0.0.2 are
encrypted and decrypted. Also, one IKE policy is created.
Figure 4-1 Basic IPSec Configuration
Router A Configuration
Specify the parameters to be used during an IKE negotiation:
Update to 3DES/AES
crypto isakmp policy 15
encryption des
hash md5
authentication pre-share
group 2
lifetime 5000
crypto isakmp key 1234567890 address 10.2.2.3
crypto isakmp identity address
10.0.0.2
Router A
10.0.0.3
Encrypted text
Clear text
Only packets from 10.0.0.2 to 10.2.2.2 are
encrypted and authenticated across the network.
Clear text Clear text
10.2.2.3
10.0.0.1
Router B
All other packets are not encrypted
29728
10.2.2.2
10.2.2.1