VPN setup and troubleshooting

From Tech-Wiki
Revision as of 16:33, 13 July 2016 by Fabricio.Lima (Talk | contribs)

Jump to: navigation, search

Implementing VPN Tunnels

ISAKMP Policy

crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 2
 lifetime 3600

ISAKMP Pre-Shared Key

crypto isakmp key 1 MySecretKey address 10.0.0.2

IPsec Transform Set

crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
 mode tunnel

IPsec Profile

crypto ipsec profile MyProfile
set transform-set MyTS

Virtual Tunnel Interface

interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 10.0.0.1
 tunnel destination 10.0.0.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MyProfile

VPN Troubleshooting

show crypto isakmp sa
show crypto isakmp policy
show crypto ipsec sa
show crypto ipsec transform-set
debug crypto {isakmp | ipsec}