Differences

This shows you the differences between two versions of the page.

cisco:ipsec [2007/09/25 15:23]
a created
cisco:ipsec [2009/05/25 00:35]
127.0.0.1 external edit
Line 1: Line 1:
 +====== Cisco IPSec stuff ======
 +
 +===== ISAKMP associations using RSA keys =====
 +
 +more detailed: [[http://packetlife.net/blog/2009/jan/14/isakmp-associations-using-rsa-keys/]]
 +
 +<code>
 +R1(config)# crypto key generate rsa general-keys label R1
 +The name for the keys will be: R1
 +Choose the size of the key modulus in the range of 360 to 2048 for your
 +  General Purpose Keys. Choosing a key modulus greater than 512 may take
 +  a few minutes.
 +
 +How many bits in the modulus [512]: <cr>
 +% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
 +</code>
 +
 +<code |h part-of-config-example>
 +crypto key pubkey-chain rsa
 + addressed-key 10.0.23.3 encryption
 +  address 10.0.23.3
 +  key-string
 +! ####################################################
 +! # Replace this with the public key generated on R3 #
 +! ####################################################
 +!   305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00B6CAA3 400F6DA9 
 +!   1D1D6553 3A272A70 A713D69B CA790F74 7D067215 4E2DEDC8 4A59F8A6 F849C422 
 +!   8D7FCEBE 0D1E4D73 6541A85D 899D4208 EB176BB6 3125C290 63020301 0001
 +  quit
 +!
 +
 +!
 +crypto isakmp policy 10
 + encr aes
 + authentication rsa-encr
 +!
 +!
 +crypto ipsec transform-set MyTransformSet ah-sha-hmac esp-aes 
 +!
 +crypto ipsec profile MyProfile
 + set transform-set MyTransformSet 
 +!
 +!
 +!
 +!
 +!         
 +!
 +interface Tunnel0
 + ip address 172.16.0.1 255.255.255.252
 + tunnel source 10.0.12.1
 + tunnel destination 10.0.23.3
 + tunnel protection ipsec profile MyProfile
 +!
 +</code>
 +
 +
 <html> <html>
 <pre> <pre>
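
Review bot: the key-generation transcript at the top of this hunk accepts the default modulus (`How many bits in the modulus [512]: <cr>`), and a 512-bit RSA key is too weak to authenticate ISAKMP peers with `authentication rsa-encr`; the prompt itself offers up to 2048, so the example should enter 2048 rather than pressing return. Two smaller points in the config block: every line of the peer's public key under `key-string` is prefixed with `!`, so pasting the block as written enters no key material before `quit`, and a short remark that the hex from R3 goes in without the `!` would prevent that; and `crypto isakmp policy 10` sets only `encr aes` and the authentication method, leaving hash and DH group at platform defaults, which is worth stating explicitly so both peers are known to match.
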
Line 166: Line 222:
 Router(config-if)# crypto map CISCO Router(config-if)# crypto map CISCO
 Router(config-if)# ^Z Router(config-if)# ^Z
 +
  
 If you had multiple tunnels to multiple gateways, you would need to create a If you had multiple tunnels to multiple gateways, you would need to create a
cisco/ipsec.txt · Last modified: 2014/08/12 15:02 by 2a01:260:4121:1000:1e6f:65ff:fe38:dc56
CC Attribution-Share Alike 4.0 International