Differences
This shows you the differences between two versions of the page.
cisco:ipsec [2007/09/25 15:23] a created |
cisco:ipsec [2009/05/25 00:35] 127.0.0.1 external edit |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Cisco IPSec stuff ====== | ||
+ | |||
+ | ===== ISAKMP associations using RSA keys ===== | ||
+ | |||
+ | more detailed: [[http:// | ||
+ | |||
+ | < | ||
+ | R1(config)# crypto key generate rsa general-keys label R1 | ||
+ | The name for the keys will be: R1 | ||
+ | Choose the size of the key modulus in the range of 360 to 2048 for your | ||
+ | General Purpose Keys. Choosing a key modulus greater than 512 may take | ||
+ | a few minutes. | ||
+ | |||
+ | How many bits in the modulus [512]: <cr> | ||
+ | % Generating 512 bit RSA keys, keys will be non-exportable...[OK] | ||
+ | </ | ||
+ | |||
+ | <code |h part-of-config-example> | ||
+ | crypto key pubkey-chain rsa | ||
+ | | ||
+ | address 10.0.23.3 | ||
+ | key-string | ||
+ | ! #################################################### | ||
+ | ! # Replace this with the public key generated on R3 # | ||
+ | ! #################################################### | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | quit | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | crypto isakmp policy 10 | ||
+ | encr aes | ||
+ | | ||
+ | ! | ||
+ | ! | ||
+ | crypto ipsec transform-set MyTransformSet ah-sha-hmac esp-aes | ||
+ | ! | ||
+ | crypto ipsec profile MyProfile | ||
+ | set transform-set MyTransformSet | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | interface Tunnel0 | ||
+ | ip address 172.16.0.1 255.255.255.252 | ||
+ | | ||
+ | | ||
+ | | ||
+ | ! | ||
+ | </ | ||
+ | |||
+ | |||
< | < | ||
<pre> | <pre> | ||
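Review bot: The key-generation transcript in the added "ISAKMP associations using RSA keys" section accepts the default modulus (`How many bits in the modulus [512]: <cr>`), so the example produces a 512-bit RSA key, which is too small for a key that authenticates ISAKMP peers. The prompt shown allows up to 2048, so the transcript should answer 2048 instead of pressing return, or the text should state that the default is only acceptable in a throwaway lab. Two smaller points in the same hunk: the `key-string` placeholder says to paste the public key generated on R3 but the section never says how to display it (on IOS, `show crypto key mypubkey rsa` on R3), and the transform set `ah-sha-hmac esp-aes` relies on AH for integrity, which deserves a sentence because AH does not survive NAT between the peers.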
Line 166: | Line 222: | ||
Router(config-if)# | Router(config-if)# | ||
Router(config-if)# | Router(config-if)# | ||
+ | |||
If you had multiple tunnels to multiple gateways, you would need to create a | If you had multiple tunnels to multiple gateways, you would need to create a |