Friday 22 November 2013

How to Configure IPSEC Encryption with Site to Site VPN Tunneling

The OSPF dynamic routing protocol is today probably the most popular LAN routing protocol. OSPF can scale to the largest local area networks, but it can also start out small. While the configuration of OSPF can be complex, the basic configuration is not difficult. Let us learn how to configure OSPF in the Cisco IOS.

What is an IPSEC VPN?

IPSec (IP Security) provides a method to authenticate and encrypt IP traffic as it crosses your network transport, so that the traffic stays protected in transit. When network traffic is tunnelled through another network, it creates a VPN (virtual private network). In our example, we use IPSec-encrypted VPN tunnels.

A site-to-site VPN is a VPN tunnel that is typically permanently established between two networks (usually across the Internet), connecting them. Cisco IOS routers can be used to create a site-to-site VPN tunnel using IPSec. You can connect a Cisco IOS router to another router, a Cisco PIX, a Cisco ASA, or another brand of router/firewall. Be aware that the IPSEC/FW feature set of Cisco IOS is required for the VPN (crypto) commands shown below.

Our Sample IPSec VPN Configuration in the Cisco IOS:

Here is a sample Cisco IOS site-to-site VPN configuration using IPSec for encryption:

! LAN-side interface
interface E0/0
 ip address 192.168.1.254 255.255.255.0
!
! Internet-facing interface (the local tunnel endpoint)
interface Fa3/0
 ip address 2.2.2.2 255.255.255.0
!
! ISAKMP (IKE phase 1) policy: 3DES encryption, pre-shared key authentication
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
!
! pre-shared key for the peer at 1.1.1.1
crypto isakmp key secretpassword address 1.1.1.1
!
! IPSec (phase 2) transform set: ESP with 3DES encryption and MD5 HMAC integrity
crypto ipsec transform-set mytransformset esp-3des esp-md5-hmac
!
! "interesting traffic": what gets encrypted between the two LANs
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
! crypto map entry 10 ties peer, transform set and ACL together
crypto map Cryptomap1 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set mytransformset
 match address 101
!
! apply the crypto map to the Internet-facing interface last; this is what enables the tunnel
interface Fa3/0
 crypto map Cryptomap1

Our Sample IPSec VPN Configuration in the Cisco IOS - Explained:

Let us start at the top of the configuration and work down.

1. crypto isakmp policy - defines the ISAKMP security settings between the two peers. In our example, the policy sets IPSec to use 3DES encryption and pre-shared key authentication.

2. crypto isakmp key - configures the pre-shared key used to form the IPSec VPN between the two routers.

3. crypto ipsec transform-set - lets you set the transform set, that is, the IPSec encryption settings used between the two routers.

4. access-list - this ACL is very important, because it defines what traffic is encrypted between the two routers. If the traffic is not permitted by the ACL, that traffic is not encrypted.

5. crypto map - this map is what brings the policy, key, transform set and access list all together. You give the crypto map a name, and then, using that name, the crypto map is applied to an interface.

6. Note the crypto map Cryptomap1 statement under interface Fa3/0. This should be the last statement added to the configuration, because applying the map to the interface is what actually enables the VPN tunnel at that location. Note that a crypto map has a name (ours is named "Cryptomap1") and can have many sequence numbers. Notice the "10" above: we are configuring entry 10 of the crypto map. From there, you can add entries 20, 30, and so on.

When the router boots, the VPN is down. The encrypted tunnel is first formed when a datagram matches the ACL.

The router on the other side of the tunnel must have the same settings, except that the IP addresses are reversed.
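To make the relationships in steps 1 to 6 and the "reversed addresses" rule concrete, here is an added example in Python (not from the original post and not Cisco's own tooling) that parses the post's configuration fragments, checks that each crypto map entry's peer, transform set and ACL resolve and that the map is applied to an interface, and then checks that a far-side configuration mirrors the local one. The config text is constructed from the post, the far-side text is constructed by reversing its addresses, and the helper and function names (`swap`, `parse`, `check_local`, `check_mirror`) are the example's own assumptions.

```python
"""Parse the IOS site-to-site IPsec fragments from the post and check that the
pieces reference each other and that the two tunnel ends mirror one another."""

# Constructed sample: the post's configuration with the crypto map applied to
# the Internet-facing interface (the step the post says must be done last).
SITE_A = """\
interface E0/0
 ip address 192.168.1.254 255.255.255.0
interface Fa3/0
 ip address 2.2.2.2 255.255.255.0
 crypto map Cryptomap1
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
crypto isakmp key secretpassword address 1.1.1.1
crypto ipsec transform-set mytransformset esp-3des esp-md5-hmac
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
crypto map Cryptomap1 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set mytransformset
 match address 101
"""

def swap(text, x, y):
    """Exchange every occurrence of x and y in text (helper assumed by this example)."""
    return text.replace(x, "\0").replace(y, x).replace("\0", y)

# Constructed: the far router, "the same settings except the IP addresses reversed".
SITE_B = swap(swap(SITE_A, "2.2.2.2", "1.1.1.1"), "192.168.1.", "192.168.2.")

def parse(config):
    """Collect the VPN-relevant pieces of an IOS config into a dict."""
    cfg = {"addrs": set(), "keys": {}, "tsets": set(), "acls": {}, "maps": {}, "applied": {}}
    ctx = None  # the block (interface or crypto map entry) that indented lines belong to
    for line in config.splitlines():
        t = line.split()
        if not t or t[0] == "!":
            continue
        if not line.startswith(" "):
            ctx = None
            if t[0] == "interface":
                ctx = ("if", t[1])
            elif t[:3] == ["crypto", "isakmp", "key"]:   # crypto isakmp key <psk> address <peer>
                cfg["keys"][t[5]] = t[3]
            elif t[:3] == ["crypto", "ipsec", "transform-set"]:
                cfg["tsets"].add(t[3])
            elif t[0] == "access-list" and t[2:4] == ["permit", "ip"]:
                cfg["acls"].setdefault(t[1], []).append(tuple(t[4:8]))  # src, wc, dst, wc
            elif t[:2] == ["crypto", "map"] and t[-1] == "ipsec-isakmp":
                ctx = ("map", (t[2], t[3]))
                cfg["maps"][ctx[1]] = {}
        elif ctx and ctx[0] == "if":
            if t[:2] == ["ip", "address"]:
                cfg["addrs"].add(t[2])
            elif t[:2] == ["crypto", "map"]:
                cfg["applied"][ctx[1]] = t[2]
        elif ctx and ctx[0] == "map":
            entry = cfg["maps"][ctx[1]]
            if t[:2] == ["set", "peer"]:
                entry["peer"] = t[2]
            elif t[:2] == ["set", "transform-set"]:
                entry["tset"] = t[2]
            elif t[:2] == ["match", "address"]:
                entry["acl"] = t[2]
    return cfg

def check_local(cfg):
    """A dangling reference or an unapplied crypto map means no tunnel will form."""
    problems = []
    for (name, seq), e in cfg["maps"].items():
        where = f"crypto map {name} {seq}"
        if e.get("peer") not in cfg["keys"]:
            problems.append(f"{where}: no crypto isakmp key for peer {e.get('peer')}")
        if e.get("tset") not in cfg["tsets"]:
            problems.append(f"{where}: transform-set {e.get('tset')} is not defined")
        if e.get("acl") not in cfg["acls"]:
            problems.append(f"{where}: match address {e.get('acl')} names a missing ACL")
        if name not in cfg["applied"].values():
            problems.append(f"{where}: not applied to any interface")
    return problems

def check_mirror(a, b):
    """The far router must point back at us with the same pre-shared key and a
    crypto ACL whose source and destination are reversed."""
    problems = []
    far_peers = [f.get("peer") for f in b["maps"].values()]
    far_acl = [l for f in b["maps"].values() for l in b["acls"].get(f.get("acl"), [])]
    ours = [x for x in a["addrs"] if x in b["keys"]]  # our address as the far side knows it
    for e in a["maps"].values():
        peer = e.get("peer")
        if peer not in b["addrs"]:
            problems.append(f"peer {peer} is not an address on the far router")
        if not any(p in a["addrs"] for p in far_peers):
            problems.append("far router has no crypto map entry pointing back at us")
        if not ours or b["keys"][ours[0]] != a["keys"].get(peer):
            problems.append(f"pre-shared keys for {peer} do not match on both sides")
        for src, sw, dst, dw in a["acls"].get(e.get("acl"), []):
            if (dst, dw, src, sw) not in far_acl:
                problems.append(f"far router's crypto ACL does not mirror {src} -> {dst}")
    return problems

if __name__ == "__main__":
    a, b = parse(SITE_A), parse(SITE_B)
    for p in check_local(a) + check_local(b) + check_mirror(a, b):
        print("PROBLEM:", p)
    print("checks complete")
```

Running it on the two constructed sides prints no problems; deleting the crypto map line from interface Fa3/0, or changing the pre-shared key on one side, is reported, which is exactly the kind of mismatch that leaves the tunnel silently down.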

Also, don't forget that any access list or firewall protecting your router from the Internet must permit the following:

! ISAKMP (IKE, UDP port 500) and ESP must reach the router
access-list 150 permit udp any host 1.1.1.1 eq isakmp
access-list 150 permit esp any host 1.1.1.1

You can view your crypto map with the show crypto map command.
