VPN Ipsec: Ing. Luis Retamozo

vpn ipsec

Uploaded by

Jerson Molina

VPN IPSec

CCNA4

Ing. Luis Retamozo


Copyright © 5/19/20 by TECSUP
Steps to Configuring an IPsec VPN
[Topology diagram: Branch and HQ routers joined by an IPsec VPN across the Internet (ISP)]

Branch: LAN 192.168.1.0/24 on Fa0/0 (.1); S0/0/1 (.242) on 209.165.200.240/29, ISP side .241; Branch Server 192.168.1.254 (209.165.200.254); NAT pool 209.165.200.249 – 209.165.200.253/29
HQ: LAN 10.10.10.0/24 on Fa0/0 (.1); S0/0/1 (.226) on 209.165.200.224/29, ISP side .225; Email Server 10.10.10.238 (209.165.200.238); NAT pool 209.165.200.233 – 209.165.200.237/29

1. Configure the initial key (ISAKMP policy) details.
2. Configure the IPsec details.
3. Configure the crypto ACL.
4. Configure the VPN tunnel information.
5. Apply the crypto map.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Branch Router IPsec VPN Configuration

ISAKMP Policy: specifies the initial VPN security details.

Branch# conf t
Branch(config)# crypto isakmp policy 1
Branch(config-isakmp)# encryption aes
Branch(config-isakmp)# authentication pre-share
Branch(config-isakmp)# group 2
Branch(config-isakmp)# exit
Branch(config)# crypto isakmp key cisco123 address 209.165.200.226

IPsec Details: specifies how the IPsec packet will be encapsulated.

Branch(config)# crypto ipsec transform-set HQ-VPN esp-sha-hmac esp-3des
Branch(cfg-crypto-trans)# exit

Crypto ACL: specifies the traffic that will trigger the VPN to activate.

Branch(config)# access-list 110 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255

VPN Tunnel Information: creates the crypto map that combines the ISAKMP policy, IPsec transform set, VPN peer address, and crypto ACL.

Branch(config)# crypto map HQ-MAP 10 ipsec-isakmp
% NOTE: This new crypto map will remain disabled until a peer
Branch(config-crypto-map)# set transform-set HQ-VPN
Branch(config-crypto-map)# set peer 209.165.200.226
Branch(config-crypto-map)# match address 110
Branch(config-crypto-map)# exit

Apply the Crypto Map: identifies which interface is actively looking to create a VPN.

Branch(config)# int s0/0/1
Branch(config-if)# crypto map HQ-MAP
Branch(config-if)# ^Z
Branch#
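The crypto map only works if every object it references exists. As an added example (not part of the original slides), this Python check resolves each crypto map entry against the transform sets, ACLs, peer keys and interface bindings in a configuration given as plain text. The sample is the Branch commands above with prompts stripped; the function name check_crypto_map is hypothetical, and numbered ACLs and pre-shared-key peers are assumed, as on the slide.

```python
import re

# Constructed sample: the Branch commands from the slide, prompts removed.
BRANCH_CONFIG = """\
crypto isakmp policy 1
 encryption aes
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 209.165.200.226
crypto ipsec transform-set HQ-VPN esp-sha-hmac esp-3des
access-list 110 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
crypto map HQ-MAP 10 ipsec-isakmp
 set transform-set HQ-VPN
 set peer 209.165.200.226
 match address 110
interface Serial0/0/1
 crypto map HQ-MAP
"""

def check_crypto_map(config):
    """Return a list of crypto map references that do not resolve."""
    tsets = set(re.findall(r"^crypto ipsec transform-set (\S+)", config, re.M))
    acls = set(re.findall(r"^access-list (\d+) ", config, re.M))
    keyed = set(re.findall(r"^crypto isakmp key \S+ address (\S+)", config, re.M))
    # An indented "crypto map NAME" line is an interface binding.
    applied = set(re.findall(r"^ crypto map (\S+)[ \t]*$", config, re.M))
    problems = []
    # Each map entry header owns the indented lines that follow it.
    entry = r"^crypto map (\S+) (\d+) ipsec-isakmp\n((?: .*\n?)*)"
    for m in re.finditer(entry, config, re.M):
        name, seq, body = m.groups()
        for label, pattern, known in (
            ("transform-set", r"^ set transform-set (\S+)", tsets),
            ("peer key", r"^ set peer (\S+)", keyed),
            ("crypto ACL", r"^ match address (\S+)", acls),
        ):
            ref = re.search(pattern, body, re.M)
            if ref is None:
                problems.append(f"{name} {seq}: no {label} reference")
            elif ref.group(1) not in known:
                problems.append(f"{name} {seq}: {label} {ref.group(1)} is not defined")
        if name not in applied:
            problems.append(f"{name}: not applied to any interface")
    return problems

if __name__ == "__main__":
    print(check_crypto_map(BRANCH_CONFIG) or "all crypto map references resolve")
```
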
Verifying and Troubleshooting IPsec
Command               Description
show crypto map       Displays the specifics contained in a crypto map configuration.
show crypto session   Displays the status information of the active crypto sessions.
show crypto ipsec sa  Displays the settings used by current SAs.
debug crypto ipsec    Displays IPsec events in real time.
IPSec VPN

Configure IPSEC in five simple steps
- Create the extended ACL
- Configure the ISAKMP policy
- Create the IPsec transform set
- Define the password to use between R1 and R2
- Create the crypto map
- Apply the crypto map to the public interface

Troubleshooting IPSec

1. The show crypto isakmp sa command shows the Internet Security Association and Key Management Protocol (ISAKMP) security associations (SAs) built between peers.

2. If the command show crypto isakmp sa shows MM_NO_STATE, main mode has failed.
