Chapter 7
Configuring VPNs Using an IPSec Tunnel and Generic Routing Encapsulation
Configure a VPN
Perform the following tasks to configure a VPN over an IPSec tunnel:
•
•
•
•
•
•
Configure the IKE Policy
Perform these steps to configure the Internet Key Exchange (IKE) policy, beginning in global
configuration mode:
Command or Action
Step 1
crypto isakmp policy priority
Example:
Router(config)# crypto isakmp policy 1
Router(config-isakmp)#
Step 2
encryption {des | 3des | aes | aes 192 | aes 256}
Example:
Router(config-isakmp)# encryption 3des
Router(config-isakmp)#
Step 3
hash {md5 | sha}
Example:
Router(config-isakmp)# hash md5
Router(config-isakmp)#
Step 4
authentication {rsa-sig | rsa-encr | pre-share}
Example:
Router(config-isakmp)# authentication
pre-share
Router(config-isakmp)#
OL-6426-02
Configure the IKE Policy
Configure Group Policy Information
Enable Policy Lookup
Configure IPSec Transforms and Protocols
Configure the IPSec Crypto Method and Parameters
Apply the Crypto Map to the Physical Interface
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
Purpose
Creates an IKE policy that is used during IKE
negotiation. The priority is a number from 1 to
10000, with 1 being the highest.
Also enters Internet Security Association Key and
Management Protocol (ISAKMP) policy
configuration mode.
Specifies the encryption algorithm used in the IKE
policy.
The example uses 168-bit Data Encryption
Standard (DES).
Specifies the hash algorithm used in the IKE
policy.
The example specifies the Message Digest 5
(MD5) algorithm. The default is Secure Hash
standard (SHA-1).
Specifies the authentication method used in the
IKE policy.
The example uses a pre-shared key.
Configure a VPN
7-3