GETVPN:
KS:
1. crypto key generate
2. access-list
3. crypto isakmp key
4. crypto ipsec transform-set
5. crypto ispec profile
6. crypto gdoi group 1
7. crypto gdoi group 2
8. sa ipsec => assign profile and address
GM :
1. crypto keyring site-1 vrf
2. crypto keyring site-2 vrf
3. crypto isakmp policy
4. crypto isakmp profile
5. crypto gdoi group
6. crypto map
7. apply to interface
IKEv2 L2L
ASA:
1. access-list
2. ikev2 policy
3. ipsec proposal
4. tunnel group
5. crypto map
Router:
1. access-list
2. ikev2 proposal
3. ikev2 policy - assign proposal to policy
4. crypto ikev2 keyring
5. ikev2 profile - assign keyring to profile
6. ipsec transform-set
7. crypto map - set address, transform-set and profile
8. Apply to int
KS:
1. crypto key generate
2. access-list
3. crypto isakmp key
4. crypto ipsec transform-set
5. crypto ispec profile
6. crypto gdoi group 1
7. crypto gdoi group 2
8. sa ipsec => assign profile and address
GM :
1. crypto keyring site-1 vrf
2. crypto keyring site-2 vrf
3. crypto isakmp policy
4. crypto isakmp profile
5. crypto gdoi group
6. crypto map
7. apply to interface
IKEv2 L2L
ASA:
1. access-list
2. ikev2 policy
3. ipsec proposal
4. tunnel group
5. crypto map
Router:
1. access-list
2. ikev2 proposal
3. ikev2 policy - assign proposal to policy
4. crypto ikev2 keyring
5. ikev2 profile - assign keyring to profile
6. ipsec transform-set
7. crypto map - set address, transform-set and profile
8. Apply to int
No comments:
Post a Comment