In this article we will configure GRE/IPsec tunnels. These are used when you want to run routing protocols across a VPN connection. This article is useful for CCNP (ISCW) and CCSP studies.
First we create our ISAKMP policy, then a key that we associate with a peer. Next we build our transform set, then the ACL that selects the traffic to be encrypted, followed by the crypto map and finally the tunnel interface configuration.
Here’s our ISAKMP Policy:
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
We set the encryption to AES with a 256-bit key, use pre-shared key authentication and Diffie-Hellman group 5.
Next we create a key and associate it with a peer:
crypto isakmp key Sup3rS3cr3tK3y address 18.104.22.168
Now we build the Transform Set:
crypto ipsec transform-set secure_transform esp-aes esp-sha-hmac
Next we make our ACL:
ip access-list extended GRE_IPSEC_TRAFFIC
 permit gre host 22.214.171.124 host 126.96.36.199
This matches GRE traffic from 188.8.131.52 (us, the source) to 184.108.40.206 (our peer, the destination).
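A configuration review check for the ISAKMP policy and pre-shared key shown above, as an added example that is not part of the original article. The function names, the placeholder peer address 192.0.2.1 and the baseline of flagged values (DH groups 1, 2 and 5, DES/3DES, MD5, keys without the type-6 marker) are assumptions chosen for illustration.

```python
import re

# Constructed sample: the policy and key lines from this article, with a
# documentation-range placeholder (192.0.2.1) standing in for the peer.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key Sup3rS3cr3tK3y address 192.0.2.1
"""

# Assumed review baseline (not from the article): values to flag per keyword.
WEAK = {"group": {"1", "2", "5"}, "encryption": {"des", "3des"}, "hash": {"md5"}}

def parse_isakmp_policies(config):
    """Return {priority: {keyword: value}} for each 'crypto isakmp policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line[:1].isspace() and line.strip():
            keyword, _, value = line.strip().partition(" ")
            if keyword.startswith("encr"):  # IOS accepts the abbreviation 'encr'
                keyword = "encryption"
            current[keyword] = value.strip()
        else:
            current = None  # a non-indented line closes the policy block
    return policies

def audit(config):
    """Return findings for explicitly configured weak values only;
    unset keywords fall back to platform defaults, which are not checked here."""
    findings = []
    for prio, settings in sorted(parse_isakmp_policies(config).items()):
        for keyword, weak_values in WEAK.items():
            value = settings.get(keyword)
            if value in weak_values:
                findings.append(f"policy {prio}: weak {keyword} '{value}'")
    for m in re.finditer(r"^crypto isakmp key (\S+) (\S+)", config, re.M):
        if m.group(1) != "6":  # no type-6 marker: key is stored in cleartext
            findings.append("pre-shared key stored in cleartext")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the article's settings, it reports the group 5 choice and the cleartext pre-shared key; a policy using group 14 with a type-6 encrypted key passes this baseline.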