Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Chapter 6 - VPN - Part 2 - IP Sec Configuring

    Enviado por

    Cao Hồng Minh
    17 visualizações32 páginas

    Título original

    Chapter 6 - VPN - Part 2- IP Sec Configuring

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    17 visualizações32 páginas

    Chapter 6 - VPN - Part 2 - IP Sec Configuring

    Enviado por

    Cao Hồng Minh

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 32

    CCNA Advance

    Chapter 6
    Virtual Private Network - VPN

    Configuring IPSec

    Tasks to Configure IPSec

    Task 1 Prepare for IKE and IPSec

    Task 1.1: IKE Phase 1 Policy Example

    Task 1.2: IKE Phase 2 Policy Example

    Task 1.3 Check Current Configuration

    Task 1.4 Ensure The Network Works

    Task 1.5 Ensure ACLs are Compatible


    with IPSec

    Task 2 Configuration IKE

    Task 2.1, 2.2 Enable IKE, create policy


    Task 2.1

    Task 2.2

    11

    Task 2.2 Create IKE Policies


    with The crypto isakmp Command

    12

    Task 2.3 Configure ISAKMP Identity

    IPSec peers authenticate each other during ISAKMP


    negotiations using the preshared key and the ISAKMP
    identity.
    The identity can either be the router IP address or host
    name.
    Cisco IOS software uses the IP address identity method by
    default.

    13

    Task 2.4 Configure Pre-shared Keys

    14

    Task 2.4 Configure Pre-shared Keys

    RouterA(config)#crypto isakmp key cisco1234 address 172.30.2.2


    RouterA(config)#crypto isakmp policy 110
    RouterA(config-isakmp)#hash md5
    RouterA(config-isakmp)#authentication pre-share
    RouterB(config)#crypto isakmp key cisco1234 address 172.30.2.1
    RouterB(config)#crypto isakmp policy 110
    RouterB(config-isakmp)#hash md5
    RouterB(config-isakmp)#authentication pre-share

    15

    Task 2.5 Verify IKE Configuration

    16

    Task 3 Configure IPSec

    Task 3 Configure IPSec

    18

    Task 3.1 Configure Transform Set


    Suites

    A transform set defines the type of authentication,


    integrity, and payload encryption you will use for your VPN
    tunnel.

    19

    Task 3.1 - Transform Set Negotiation

    20

    Task 3.2 Configure Global IPSec Security


    Association Lifetimes (Optional)

    21

    Task 3.2 - Purpose of Crypto ACLs

    22

    Task 3.3 Create Crypto ACLs using


    Extended Access Lists

    23

    Task 3.3 - Configure Symmetrical Peer


    Crypto Access Lists

    Symmetrical Peer Crypto Access Lists MUST be done

    24

    Task 3.3 - Purpose of Crypto Maps

    25

    Task 3.3 - Crypto Map Parameters

    26

    Task 3.4 Configure IPSec Crypto


    Maps

    27

    Task 3.4 IPSec Crypto Maps


    Configuration Mode

    28

    Task 3.4 - Example Crypto Map


    Commands

    29

    Task 3.5 Apply Crypto Maps to


    Interfaces

    30

    IPSec Configuration Summative


    Examples

    31

    Question ?
    Thank you !

    Você também pode gostar