Difference between revisions of "VPN setup and troubleshooting"

From Tech-Wiki
Jump to: navigation, search
Line 35: Line 35:
 
  show crypto ipsec transform-set
 
  show crypto ipsec transform-set
 
  debug crypto {isakmp | ipsec}
 
  debug crypto {isakmp | ipsec}
 +
 +
Generating traffic to bring a VPN up
 +
packet-tracer input inside tcp 172.16.0.1 1250 172.25.11.10 80

Revision as of 18:31, 9 January 2017

Implementing VPN Tunnels

ISAKMP Policy 

crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 3600

ISAKMP Pre-Shared Key 

crypto isakmp key 1 MySecretKey address 10.0.0.2

IPsec Transform Set 

crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
 mode tunnel

IPsec Profile 

crypto ipsec profile MyProfile
set transform-set MyTS

Virtual Tunnel Interface 

interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MyProfile

VPN Troubleshooting 

show crypto isakmp sa
show crypto isakmp policy
show crypto ipsec sa
show crypto ipsec transform-set
debug crypto {isakmp | ipsec}

Generating traffic to bring a VPN up 

packet-tracer input inside tcp 172.16.0.1 1250 172.25.11.10 80
Retrieved from ‘http://tech-wiki.net/index.php?title=VPN_setup_and_troubleshooting&oldid=897