Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
cisco:ipsec [2007/09/25 15:23] a created |
cisco:ipsec [2014/08/12 15:02] 2a01:260:4121:1000:1e6f:65ff:fe38:dc56 |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | <html> | + | ====== Cisco IPSec stuff ====== |
- | <pre> | + | |
+ | ===== ISAKMP associations using RSA keys ===== | ||
+ | |||
+ | more detailed: [[http:// | ||
+ | |||
+ | <code> | ||
+ | R1(config)# crypto key generate rsa general-keys label R1 | ||
+ | The name for the keys will be: R1 | ||
+ | Choose the size of the key modulus in the range of 360 to 2048 for your | ||
+ | General Purpose Keys. Choosing a key modulus greater than 512 may take | ||
+ | a few minutes. | ||
+ | |||
+ | How many bits in the modulus [512]: < | ||
+ | % Generating 512 bit RSA keys, keys will be non-exportable...[OK] | ||
+ | </ | ||
+ | |||
+ | <code |h part-of-config-example> | ||
+ | crypto key pubkey-chain rsa | ||
+ | | ||
+ | address 10.0.23.3 | ||
+ | key-string | ||
+ | ! #################################################### | ||
+ | ! # Replace this with the public key generated on R3 # | ||
+ | ! #################################################### | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | quit | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | crypto isakmp policy 10 | ||
+ | encr aes | ||
+ | | ||
+ | ! | ||
+ | ! | ||
+ | crypto ipsec transform-set MyTransformSet ah-sha-hmac esp-aes | ||
+ | ! | ||
+ | crypto ipsec profile MyProfile | ||
+ | set transform-set MyTransformSet | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | ! | ||
+ | interface Tunnel0 | ||
+ | ip address 172.16.0.1 255.255.255.252 | ||
+ | | ||
+ | | ||
+ | | ||
+ | ! | ||
+ | </ | ||
+ | |||
+ | |||
+ | <code> | ||
Cisco IOS VPN Configuration | Cisco IOS VPN Configuration | ||
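Review bot: The key-generation transcript in the new "ISAKMP associations using RSA keys" section accepts the default modulus and ends with "% Generating 512 bit RSA keys", and these are the keys the peers exchange under "crypto key pubkey-chain rsa". A 512-bit RSA modulus is factorable with modest resources, so the example should answer the modulus prompt with 2048 (the top of the "360 to 2048" range the prompt offers) and show the corresponding "% Generating 2048 bit RSA keys" output. Separately, the transform set "ah-sha-hmac esp-aes" relies on AH for integrity with no ESP authentication transform. AH does not pass through NAT, so a one-line comment in the config explaining that choice would help readers who copy it.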
Line 166: | Line 221: | ||
Router(config-if)# | Router(config-if)# | ||
Router(config-if)# | Router(config-if)# | ||
+ | |||
If you had multiple tunnels to multiple gateways, you would need to create a | If you had multiple tunnels to multiple gateways, you would need to create a | ||
Line 327: | Line 383: | ||
Router# nodebug all | Router# nodebug all | ||
Router# term no monitor | Router# term no monitor | ||
- | </pre> | + | </code> |
- | </html> | + |