This page looked at the steps involved in configuring IPSec
with preshared keys. The steps and related commands are summarized in the
following task list.
Task 1 Prepare for IKE and IPSec
- Step 1-1 Identify IPSec peers
- Step 1-2 Determine the IKE (IKE Phase 1) policies
- Step 1-3 Determine the IPSec (IKE Phase 2) policies
- Step 1-4 Check the current configuration
  show running-config
  show isakmp
  show crypto map
- Step 1-5 Ensure the network works without encryption
  ping
- Step 1-6 Ensure access control lists are compatible with IPSec
  show access-lists
Task 2 Configure IKE
- Step 2-1 Enable or disable IKE
  crypto isakmp enable
- Step 2-2 Create IKE policies
  crypto isakmp policy
  authentication
  encryption
  hash
  lifetime
- Step 2-3 Configure preshared keys
  crypto isakmp key
- Step 2-4 Verify the IKE configuration
  show crypto isakmp policy
Task 3 Configure IPSec
- Step 3-1 Configure transform set suites
  crypto ipsec transform-set
- Step 3-2 Configure global IPSec security association lifetimes
  crypto ipsec security-association lifetime
- Step 3-3 Configure crypto ACLs
  access-list
- Step 3-4 Configure crypto maps
  crypto map
- Step 3-5 Apply the crypto maps to the interface
  interface
  crypto map
Task 4 Test and verify IPSec
- Step 4-1 Display the configured IKE policies
  show crypto isakmp policy
- Step 4-2 Display the configured transform sets
  show crypto ipsec transform-set
- Step 4-3 Display the current state of the IPSec SAs
  show crypto ipsec sa
- Step 4-4 Display the configured crypto maps
  show crypto map
- Step 4-5 Debug IKE events
  debug crypto isakmp
- Step 4-6 Debug IPSec events
  debug crypto ipsec
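
The configuration steps of Tasks 1 to 3 put together for one peer, as an added example that is not part of the original page. The addresses (documentation ranges), ACL numbers, names, interface, key placeholder and algorithm choices are all assumptions; the algorithm keywords available depend on the IOS release.

```cisco
! Constructed example for one peer (router A). Addresses, names and the key
! are placeholders, not values from the original page.
!   Router A outside 192.0.2.1, protected LAN 10.1.1.0/24
!   Router B outside 192.0.2.2, protected LAN 10.2.2.0/24
!
! Step 1-6: entries to add to the ACL already applied inbound on the
! outside interface (101 assumed) so IKE (UDP 500) and ESP can reach us
access-list 101 permit udp host 192.0.2.2 host 192.0.2.1 eq isakmp
access-list 101 permit esp host 192.0.2.2 host 192.0.2.1
!
! Step 2-1: enable IKE
crypto isakmp enable
!
! Step 2-2: IKE Phase 1 policy; both peers need one matching policy
crypto isakmp policy 10
 authentication pre-share
 encryption aes 256
 hash sha256
 group 14
 lifetime 86400
!
! Step 2-3: preshared key bound to the peer address (same key on both peers)
crypto isakmp key REPLACE-WITH-LONG-RANDOM-KEY address 192.0.2.2
!
! Step 3-1: transform set (IKE Phase 2 protection)
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
!
! Step 3-2: global IPSec SA lifetime
crypto ipsec security-association lifetime seconds 3600
!
! Step 3-3: crypto ACL selects traffic to protect; the peer's ACL is the mirror
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Step 3-4: crypto map ties peer, transform set and crypto ACL together
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-AES256-SHA256
 match address 110
!
! Step 3-5: apply the crypto map to the outside interface
interface GigabitEthernet0/0
 crypto map VPN-MAP
```

Router B carries the same policy, key and transform set with the peer address and crypto ACL reversed. Once traffic matching the crypto ACL flows, the packet counters in `show crypto ipsec sa` should increase on both peers.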