CCNP 300-101 Route

VPN

Check isakmp policy

R1# show crypto isakmp policy

Enable isakmp

R1(config)#crypto isakmp enable

Create a policy with pre-shared key

R1(config)# crypto isakmp policy 100
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# encryption 3des
R1(config-isakmp)# hash md5
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key 6 CCNP address 10.1.1.252
R1(config)# crypto ipsec transform-set CCNP_LAB ah-md5-hmac
R1(cfg-crypto-trans)# mode tunnel
R1(config)# crypto ipsec security-association lifetime seconds 900

Show ISAKMP Security Associations

R# show crypto isakmp sa

CRYPTO ACL (Remember to input mirror setting on R2)

R1(config)# access-list 103 permit ip host 10.1.1.250 host 10.1.1.252

CRYPTO MAP

R1(config)# crypto map CCNP_MAP 100 ipsec-isakmp
R1(config-crypto-map)# match address 103
R1(config-crypto-map)# set peer 10.1.1.252
R1(config-crypto-map)# set transform-set CCNP_LAB

R1(config)# int gi1/0/27
R1(config-if)# crypto map CCNP_MAP

Troubleshooting

R1# debug crypto ipsec
R1# show crypto map
R1# show crypto isakmp sa
R1# show crypto ipsec sa

 

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top