
IPsec IKEv1 Example

An example using IKEv1 would look similar to the configuration example shown in Table 4 and Table 5.

Table 4: IPsec IKEv1 Example—ASA1

| Step | Description | Command |
|------|-------------|---------|
| 1 | Create and enter IKEv1 policy configuration mode. | `asa1(config)#crypto ikev1 policy 1` |
| 2 | Configure an authentication method. | `asa1(config-ikev1-policy)#authentication pre-share` |
| 3 | Configure an encryption method. | `asa1(config-ikev1-policy)#encryption aes` |
| 4 | Configure a hash method. | `asa1(config-ikev1-policy)#hash sha` |
| 5 | Configure a Diffie-Hellman (DH) group. | `asa1(config-ikev1-policy)#group 2` |
| 6 | Configure the IKE SA lifetime. | `asa1(config-ikev1-policy)#lifetime 86400` |
| 7 | Enable IKEv1 on an interface. | `asa1(config)#crypto ikev1 enable outside` |
| 8 | Create an IKEv1 transform set. | `asa1(config)#crypto ipsec ikev1 transform-set ikev1-set esp-aes esp-sha-hmac` |
| 9 | Create an access list to specify the interesting traffic to be encrypted within the IPsec tunnel. | `asa1(config)#access-list ikev1-list extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0` |
| 10 | Specify the tunnel group type. | `asa1(config)#tunnel-group 10.10.10.2 type ipsec-l2l` |
| 11 | Enter IPsec tunnel attribute configuration mode. | `asa1(config)#tunnel-group 10.10.10.2 ipsec-attributes` |
| 12 | Configure the IPsec tunnel pre-shared key or certificate trustpoint. | `asa1(config-tunnel-ipsec)#ikev1 pre-shared-key this_is_a_key` |
| 13 | Create a crypto map and match based on the previously created ACL. | `asa1(config)#crypto map ikev1-map 1 match address ikev1-list` |
| 14 | Configure the peer IP address. | `asa1(config)#crypto map ikev1-map 1 set peer 10.10.10.2` |
| 15 | Assign the previously created transform set. | `asa1(config)#crypto map ikev1-map 1 set ikev1 transform-set ikev1-set` |
| 16 | Apply the crypto map to an interface. | `asa1(config)#crypto map ikev1-map interface outside` |

Table 5: IPsec IKEv1 Example—ASA2

| Step | Description | Command |
|------|-------------|---------|
| 1 | Create and enter IKEv1 policy configuration mode. | `asa2(config)#crypto ikev1 policy 1` |
| 2 | Configure an authentication method. | `asa2(config-ikev1-policy)#authentication pre-share` |
| 3 | Configure an encryption method. | `asa2(config-ikev1-policy)#encryption aes` |
| 4 | Configure a hash method. | `asa2(config-ikev1-policy)#hash sha` |
| 5 | Configure a Diffie-Hellman (DH) group. | `asa2(config-ikev1-policy)#group 2` |
| 6 | Configure the IKE SA lifetime. | `asa2(config-ikev1-policy)#lifetime 86400` |
| 7 | Enable IKEv1 on an interface. | `asa2(config)#crypto ikev1 enable outside` |
| 8 | Create an IKEv1 transform set. | `asa2(config)#crypto ipsec ikev1 transform-set ikev1-set esp-aes esp-sha-hmac` |
| 9 | Create an access list to specify the interesting traffic to be encrypted within the IPsec tunnel. | `asa2(config)#access-list ikev1-list extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0` |
| 10 | Specify the tunnel group type. | `asa2(config)#tunnel-group 10.10.10.1 type ipsec-l2l` |
| 11 | Enter IPsec tunnel attribute configuration mode. | `asa2(config)#tunnel-group 10.10.10.1 ipsec-attributes` |
| 12 | Configure the IPsec tunnel pre-shared key or certificate trustpoint. | `asa2(config-tunnel-ipsec)#ikev1 pre-shared-key this_is_a_key` |
| 13 | Create a crypto map and match based on the previously created ACL. | `asa2(config)#crypto map ikev1-map 1 match address ikev1-list` |
| 14 | Configure the peer IP address. | `asa2(config)#crypto map ikev1-map 1 set peer 10.10.10.1` |
| 15 | Assign the previously created transform set. | `asa2(config)#crypto map ikev1-map 1 set ikev1 transform-set ikev1-set` |
| 16 | Apply the crypto map to an interface. | `asa2(config)#crypto map ikev1-map interface outside` |
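
The two tables only bring up a tunnel if the phase 1 policy and transform set are identical on both peers, the crypto ACLs are mirror images, and each tunnel-group name matches the peer set in the crypto map. The following Python check is an added example, not part of the original article or any Cisco tool; `SHARED`, `parse` and `check_pair` are hypothetical names, and the embedded text is the tables' commands with prompts stripped (pre-shared key and interface lines omitted).

```python
import re

# Tables 4 and 5 with prompts stripped; the one-space indent under the policy is this example's assumption.
SHARED = """\
crypto ikev1 policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ipsec ikev1 transform-set ikev1-set esp-aes esp-sha-hmac
crypto map ikev1-map 1 match address ikev1-list
"""
ASA1 = SHARED + """\
access-list ikev1-list extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
tunnel-group 10.10.10.2 type ipsec-l2l
crypto map ikev1-map 1 set peer 10.10.10.2
"""
ASA2 = SHARED + """\
access-list ikev1-list extended permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
tunnel-group 10.10.10.1 type ipsec-l2l
crypto map ikev1-map 1 set peer 10.10.10.1
"""

def parse(cfg):
    """Pull out the fields that must be equal or mirrored between the two peers."""
    find = lambda pat: re.search(pat, cfg, re.M)
    acl = find(r"match address (\S+)$").group(1)
    return {
        "p1": dict(re.findall(r"^ (authentication|encryption|hash|group|lifetime) (\S+)$", cfg, re.M)),
        "tset": find(r"^crypto ipsec ikev1 transform-set \S+ (.+)$").group(1).split(),
        "acl": find(rf"^access-list {re.escape(acl)} extended permit ip (\S+ \S+) (\S+ \S+)$").groups(),
        "tg": find(r"^tunnel-group (\S+) type ipsec-l2l$").group(1),
        "peer": find(r"set peer (\S+)$").group(1),
    }

def check_pair(cfg_a, cfg_b):
    """Return a list of findings; an empty list means the two sides are consistent."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f"phase 1 {k} differs: {a['p1'].get(k)} vs {b['p1'].get(k)}"
           for k in sorted(set(a["p1"]) | set(b["p1"])) if a["p1"].get(k) != b["p1"].get(k)]
    if a["tset"] != b["tset"]:
        out.append("transform sets differ")
    if a["acl"] != b["acl"][::-1]:  # local/remote networks must be swapped on the peer
        out.append("crypto ACLs are not mirror images")
    for name, s in (("ASA1", a), ("ASA2", b)):
        if s["tg"] != s["peer"]:  # in the tables the tunnel-group name is the peer address
            out.append(f"{name}: tunnel-group {s['tg']} does not match peer {s['peer']}")
    return out
```

`check_pair(ASA1, ASA2)` returns an empty list for the configuration as published; changing a phase 1 value, an ACL direction or a peer address on one side yields a finding naming the mismatch.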
