FlexVPN – Part 2

-Proposal ==>Dephi Helman Group – Encryption – Integrity
-Policy
-Profile (match), (keyring)

show crypto ikev2 proposal default
show crypto ikev2 policy default
show crypto ikev2 transform-set default
show crypto ipsec profile default

Changing the default proposal

(config)# crypto ikev2 proposal default
(config-ikev2-proposal)# encryption aes-cbc-256
(config-ikev2-proposal)# integrity sha256
(config-ikev2-proposal)# group 2

revert back the default proposal
(config)# default crypto ikev2 proposal

R1–>25.0.0.1
——————–

(config)# crypto ikev2 proposal default
(config-ikev2-proposal)# encryption aes-cbc-256
(config-ikev2-proposal)# integrity sha256
(config-ikev2-proposal)# group 2

(config)# crypto ikev2 keyring Our-keys
# peers R2
# address 25.0.0.2
# identity address 25.0.0.2
# pre-shared-key local cisco123
# pre-shared-key remote cisco 123

(config)# crypto ikev2 profile default
# match identity remote address 25.0.0.2
# identity local address 25.0.0.1
# authentication local pre-share
# authentication remote pre-share
# keyring local Our-keys
# lifetime 7200

(config)# crypto ipsec transform-set default esp-gcm 256

(config)# crypto ipsec profile default
#set pfs group20

(config)# int tunnel 5
#tunnel mode ipsec ipv4
#ip unnumbered loop 0
# tunnel source e0/0
# tunnel destination 25.0.0.2
# tunnel protection ipsec profile default

R2–>25.0.0.2
——————–

(config)# crypto ikev2 proposal default
(config-ikev2-proposal)# encryption aes-cbc-256
(config-ikev2-proposal)# integrity sha256
(config-ikev2-proposal)# group 2

(config)# crypto ikev2 keyring Our-keys
# peers R1
# address 25.0.0.1
# identity address 25.0.0.1
# pre-shared-key local cisco123
# pre-shared-key remote cisco 123

(config)# crypto ikev2 profile default
# match identity remote address 25.0.0.1
# identity local address 25.0.0.2
# authentication local pre-share
# authentication remote pre-share
# keyring local Our-keys
# lifetime 7200

(config)# crypto ipsec transform-set default esp-gcm 256

(config)# crypto ipsec profile default
#set pfs group20

(config)# int tunnel 5
#tunnel mode ipsec ipv4
#ip unnumbered loop 0
# tunnel source e0/0
# tunnel destination 25.0.0.1
# tunnel protection ipsec profile default

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *