FlexVPN: IKEV2 – Part 1

FlexVPN = IKEV2 + NGE(Next Generation Encryption)
IKEV1 = phase 1 => negotiate
phase 2 => IPSec Tunnel

IKEV2 => Initial neogtiation + IPSec Tunnel
=> proposals, key ring, policy, profile

#show crypto ikev2 proposal default
#show crypto ikev2 policy default

(config)# crypto ikev2 keyring HRT-keyring
peer container1
address 192.168.10.2
identity fqdn r2.test.local
pre-shared-key local cisco
pre-shared-key remote cisco123

(config)# crypto ikev2 profile HRT-profile
match identity remote fqdn r2.test.local
identity local fqdn r1.test.local
authentication local pre-share
authentication remote pre-share
keyring local HRT-keyring

(config)# crypto ipsec profile default
# set ikev2-profile HRT-profile

(config)# int tunnel 3
# tunnel source gi0/0
# tunnel destination 192.168.10.2
# tunnel mode ipsec ipv4
# tunnel protection ipsec profile default


(config)# crypto ikev2 keyring HRT-keyring
peer container1
address 192.168.10.1
identity fqdn r1.test.local
pre-shared-key local cisco123
pre-shared-key remote cisco

(config)# crypto ikev2 profile HRT-profile
match identity remote fqdn r1.test.local
identity local fqdn r2.test.local
authentication local pre-share
authentication remote pre-share
keyring local HRT-keyring

(config)# crypto ipsec profile default
# set ikev2-profile HRT-profile

(config)# int tunnel 3
# tunnel source gi0/0
# tunnel destination 192.168.10.1
# tunnel mode ipsec ipv4
# tunnel protection ipsec profile default

 

#show crypto ikev2 sa

#show crypto engine active connections

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *