DVTI on Hub-Spoke IKEV2

R1
—————–
(config)#crypto pki certificate map CAMP 1
#issuer-name co talebi

(config)# default crypto ikev2 proposal
(config)# crypto ikev2 proposal default
# encryption aes-cbc-256
# integrity sha256
# group 14

(config)# default crypto ikev2 policy

(config)# crypto ikev2 profile IKEV2-Profile
# identity local dn
# match certificate CMAP
# authentication remote rsa-sig
# authentication local rsa-sig
# pki trustpoint Trusted-cA
# virtual-template 1

(config)# default crypto ipsec transform-set

(config)# crypto ipsec transform-set default esp-gcm 256

(config)# default crypto ipsec profile
(config)# crypto ipsec profile default
(config)# set ikev2-profile IKEV2-Profile
(config)# interface virtual-template 1 type tunnel
#ip unnumbered loop 0
#tunnel source eth0/0
#tunnel mode ipsec ipv4
#tunnel protection ipsec profile default
#ip ospf 1 area 0

R2
—————–
(config)#crypto pki certificate map CAMP 1
#issuer-name co talebi

(config)# default crypto ikev2 proposal
(config)# crypto ikev2 proposal default
# encryption aes-cbc-256
# integrity sha256
# group 14

(config)# default crypto ikev2 policy

(config)# crypto ikev2 profile IKEV2-Profile
# identity local dn
# match certificate CMAP
# authentication remote rsa-sig
# authentication local rsa-sig
# pki trustpoint Trusted-cA

(config)# default crypto ipsec transform-set

(config)# crypto ipsec transform-set default esp-gcm 256

(config)# default crypto ipsec profile
(config)# crypto ipsec profile default
(config)# set ikev2-profile IKEV2-Profile

(config)# interface Tunnel0
#ip unnumbered loop 0
#tunnel source eth0/0
#tunnel destination 15.0.0.1
#tunnel mode ipsec ipv4
#tunnel protection ipsec profile default
#ip ospf 1 area 0

Verify your tunnel
—————-
#show crypto engine connections active
#show crypto ikev2 sa

Troubleshooting

—————-

show crypto ikev2 stats
show crypto ikev2 stats exchange
show crypto ikev2 proposal
show crypto ipsec profile
show crypto ipsec sa
show crypto session

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *