Difference between revisions of "VPN setup and troubleshooting"
From Tech-Wiki
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Implementing VPN Tunnels | + | [[Category:Cisco Systems]] |
+ | '''Implementing VPN Tunnels''' | ||
ISAKMP Policy | ISAKMP Policy | ||
Line 31: | Line 32: | ||
show crypto isakmp sa | show crypto isakmp sa | ||
show crypto isakmp policy | show crypto isakmp policy | ||
− | |||
show crypto ipsec transform-set | show crypto ipsec transform-set | ||
+ | show crypto ipsec sa | ||
+ | show crypto ipsec sa peer 200.0.0.1 | ||
+ | show vpn-sessiondb l2l | ||
debug crypto {isakmp | ipsec} | debug crypto {isakmp | ipsec} | ||
+ | |||
+ | Generating traffic to bring a VPN up | ||
+ | packet-tracer input inside tcp 172.16.0.1 1250 172.25.11.10 80 |
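Review bot: The addresses in the added troubleshooting lines do not line up with the configuration on the same page. `show crypto ipsec sa peer 200.0.0.1` names a peer that appears nowhere else, while the configured peer is 10.0.0.2, and the `packet-tracer` source 172.16.0.1 is the Tunnel0 interface address rather than a host behind the tunnel. Either reuse the page's own addressing or state that these are placeholders to substitute. Separately, `show vpn-sessiondb l2l` and `packet-tracer` are ASA commands, whereas the setup section uses IOS router syntax (`crypto isakmp key ... address`, `tunnel source 10.0.0.1`), so the new lines should be labelled with the platform they apply to.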
Latest revision as of 14:29, 11 January 2017
Implementing VPN Tunnels
ISAKMP Policy
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 3600
ISAKMP Pre-Shared Key
crypto isakmp key 1 MySecretKey address 10.0.0.2
IPsec Transform Set
crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
 mode tunnel
IPsec Profile
crypto ipsec profile MyProfile
 set transform-set MyTS
Virtual Tunnel Interface
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MyProfile
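The policy above uses `hash sha` (SHA-1) and `group 2` (1024-bit MODP Diffie-Hellman), which are worth flagging when reviewing a tunnel configuration. The following is an added example, not part of the original wiki page: a small audit of IOS-style config text, where the function name `audit_config` and the baseline of flagged values are assumptions chosen for illustration.

```python
import re

# Constructed input: the ISAKMP policy and transform set shown on this page.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 3600
crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
 mode tunnel
"""

# Assumed audit baseline (not from the page): settings to flag for review.
WEAK_POLICY = {
    "encryption": {"des": "56-bit DES", "3des": "3DES is legacy"},
    "hash": {"md5": "MD5 based", "sha": "SHA-1 based ('sha' is SHA-1 on IOS)"},
    "group": {"1": "768-bit MODP", "2": "1024-bit MODP", "5": "1536-bit MODP"},
}
WEAK_TRANSFORMS = {
    "esp-des": "56-bit DES", "esp-3des": "3DES is legacy",
    "esp-md5-hmac": "MD5 based", "esp-sha-hmac": "SHA-1 based",
}


def audit_config(text):
    """Return (context, setting, reason) tuples for flagged IKEv1/IPsec settings."""
    findings, context = [], ""
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw[0].isspace():  # unindented line starts a new config block
            context = raw.strip()
            m = re.match(r"crypto ipsec transform-set (\S+) (.+)", context)
            if m:
                for tok in m.group(2).split():
                    if tok in WEAK_TRANSFORMS:
                        findings.append((f"transform-set {m.group(1)}", tok, WEAK_TRANSFORMS[tok]))
        elif context.startswith("crypto isakmp policy") and len(words) >= 2:
            reason = WEAK_POLICY.get(words[0], {}).get(words[1])
            if reason:
                findings.append((context, f"{words[0]} {words[1]}", reason))
    return findings


if __name__ == "__main__":
    for ctx, setting, reason in audit_config(SAMPLE_CONFIG):
        print(f"{ctx}: {setting} -> {reason}")
```

The parser relies on sub-commands being indented under their parent command, as they are in `show running-config` output.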
VPN Troubleshooting
show crypto isakmp sa
show crypto isakmp policy
show crypto ipsec transform-set
show crypto ipsec sa
show crypto ipsec sa peer 200.0.0.1
show vpn-sessiondb l2l
debug crypto {isakmp | ipsec}
Generating traffic to bring a VPN up
packet-tracer input inside tcp 172.16.0.1 1250 172.25.11.10 80