Cisco uBR924 Software Configuration Guide
OL-0337-05 (8/2002)
Chapter 3 Advanced Data-Only Configurations
IPSec (56-bit) Example
– 56-bit DES-CBC encryption (the default)
– MD5 (HMAC variant) hash algorithm
– Pre-shared authentication keys
– 768-bit Diffie-Hellman group (the default)
– Security association lifetime of 5,000 seconds (approximately 83 minutes).
• The pre-shared key has the value 1234567890 (normally keys would be much more complex than this simple example).
• IPSec encryption is being done on traffic sent from the cable interface on the Cisco uBR924 router (at IP address 10.1.0.25).
• One single peer is defined—the router at IP address 30.1.1.1.
• IPSec encryption is applied to all traffic that matches the contents of access list 200.
IPSec-related commands are shown in bold.
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
clock timezone - 0 6
ip subnet-zero
no ip domain-lookup
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 lifetime 5000
crypto isakmp key 1234567890 address 30.1.1.1
crypto isakmp identity hostname
!
crypto ipsec transform-set test-transform ah-md5-hmac esp-des esp-md5-hmac
!
crypto map test-ipsec local-address cable-modem0
crypto map test-ipsec 10 ipsec-isakmp
 set peer 30.1.1.1
 set transform-set test-transform
 match address 200
!
interface Ethernet0
 ip address 192.168.100.1 255.255.255.0
 no ip directed-broadcast
!
interface cable-modem0
 ip address dhcp
 no ip directed-broadcast
 no keepalive
 no cable-modem compliant bridge
 crypto map test-ipsec
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.100.0
!
ip classless
no ip http server
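An added example, not part of the Cisco guide: a short Python audit that flags the legacy IKE and IPSec parameters in a configuration like the one above, including the DES and 768-bit Diffie-Hellman defaults that apply when an ISAKMP policy omits those lines. The sample text is constructed from the listing above; the function names and the 20-character pre-shared key threshold are assumptions.

```python
# Constructed sample: the IKE/IPSec lines of the listing above.
SAMPLE = """\
crypto isakmp policy 1
 hash md5
 authentication pre-share
 lifetime 5000
crypto isakmp key 1234567890 address 30.1.1.1
crypto ipsec transform-set test-transform ah-md5-hmac esp-des esp-md5-hmac
"""

# Defaults named in the list above: DES encryption and the 768-bit group (group 1).
POLICY_DEFAULTS = {"encryption": "des", "group": "1"}
POLICY_KEYWORDS = {"encryption", "hash", "authentication", "group", "lifetime"}
POLICY_CHECKS = [("encryption", "des", "56-bit DES"), ("hash", "md5", "HMAC-MD5"),
                 ("group", "1", "768-bit DH group 1")]
WEAK_TRANSFORMS = {"esp-des": "56-bit DES", "ah-md5-hmac": "HMAC-MD5",
                   "esp-md5-hmac": "HMAC-MD5"}
MIN_PSK_LEN = 20  # assumed local policy threshold, not a Cisco value

def parse_policies(config):
    """Return {policy number: settings}, filling omitted lines from the defaults."""
    policies, current = {}, None
    for raw in config.splitlines():
        words = raw.split()  # indentation is ignored, so flattened text also parses
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            current = policies.setdefault(words[3], dict(POLICY_DEFAULTS))
        elif current is not None and len(words) >= 2 and words[0] in POLICY_KEYWORDS:
            current[words[0]] = words[1]
        else:
            current = None  # any other line closes the policy block
    return policies

def audit(config):
    """Return (location, finding) pairs; key material is never echoed back."""
    findings = []
    for num, policy in sorted(parse_policies(config).items()):
        for keyword, bad, label in POLICY_CHECKS:
            if policy.get(keyword) == bad:
                findings.append((f"isakmp policy {num}", label))
    for raw in config.splitlines():
        words = raw.split()
        # Assumes the key is the fourth word, as in the listing above.
        if words[:3] == ["crypto", "isakmp", "key"] and len(words) >= 4:
            if len(words[3]) < MIN_PSK_LEN or words[3].isdigit():
                findings.append(("isakmp key for " + " ".join(words[4:]), "weak pre-shared key"))
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [(f"transform-set {words[3]}", f"{t} ({WEAK_TRANSFORMS[t]})")
                         for t in words[4:] if t in WEAK_TRANSFORMS]
    return findings

if __name__ == "__main__":
    for location, finding in audit(SAMPLE):
        print(f"{location}: {finding}")
```

Run against the sample, the audit reports DES and group 1 for policy 1 even though neither appears in the text, because the policy leaves both at their defaults.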