Pages

Friday, April 8, 2016

VPN config points

GETVPN:

KS:
1. crypto key generate
2. access-list
3. crypto isakmp key
4. crypto ipsec transform-set
5. crypto ispec profile
6. crypto gdoi group 1
7. crypto gdoi group 2
8. sa ipsec => assign profile and address

GM :
1. crypto keyring site-1 vrf
2. crypto keyring site-2 vrf
3. crypto isakmp policy
4. crypto isakmp profile
5. crypto gdoi group
6. crypto map
7. apply to interface

IKEv2 L2L

ASA:
1. access-list
2. ikev2 policy
3. ipsec proposal
4. tunnel group
5. crypto map

Router:
1. access-list
2. ikev2 proposal
3. ikev2 policy - assign proposal to policy
4. crypto ikev2 keyring
5. ikev2 profile - assign keyring to profile
6. ipsec transform-set
7. crypto map - set address, transform-set and profile
8. Apply to int


No comments:

Post a Comment