Cisco 7100 Series Especificaciones Pagina 56
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Step 3—Configuring Encryption
Cisco 7100 Series VPN Configuration Guide
3-26
Configuring Crypto Maps
Crypto map entries created for IPSec pull together the various parts used to set up IPSec
SAs, including:
• Which traffic should be protected by IPSec (per a crypto access list).
• The granularity of the flow to be protected by a set of SAs.
• Where IPSec-protected traffic should be sent (who the remote IPSec peer is).
• The local address to be used for the IPSec traffic. (See the “Applying Crypto Maps to
Interfaces” section on page 3-30 for more details.)
• What IPSec security should be applied to this traffic(selecting from a list of one or more
transform sets).
• Whether SAs are manually established or are established via IKE.
• Other parameters that might be necessary to define an IPSec SA.
Crypto map entries with the same crypto map name (but different map sequence numbers)
are grouped into a crypto map set. Later, you willapply these crypto map sets to interfaces;
then, all IP traffic passing through the interface is evaluated against the applied crypto map
set. If a crypto map entry sees outbound IP traffic that should be protected and the crypto
map specifies the use of IKE, a security association is negotiated with the remote peer
according to the parameters included in the crypto map entry; otherwise, if the crypto map
entry specifies the use of manual security associations, a security association should have
already been established via configuration. (If a dynamic crypto map entry sees outbound
traffic that should be protected and no security association exists, the packet is dropped.)
The policy described in the crypto map entries is used during the negotiation of security
associations. If the local router initiates the negotiation, it will use the policy specified in
the static crypto map entries to create the offer to be sent to the specified IPSec peer. If the
IPSec peer initiates the negotiation, the local router will check the policy from the static
crypto map entries, as well as any referenced dynamic crypto map entries to decide whether
to accept or reject the peer’s request (offer).
ForIPSec to succeed between twoIPSec peers, both peers’ crypto map entries must contain
compatible configuration statements.
- Cisco 7100 Series VPN 1
- Configuration Guide 1
- Preface vii 3
- Audience 4
- Organization 5
- Related Documentation 6
- Preface xi 7
- Conventions 8
- Cisco Connection Online 9
- Documentation CD-ROM 10
- Using Cisco IOS Software 11
- Getting Help 12
- Finding Command Options 13
- • controller t1 1 13
- Understanding Command Modes 18
- Summary of Main Command Modes 19
- Router(config-if)# 20
- Router(config-subif)# 20
- Saving Configuration Changes 21
- Saving Configuration Changes 22
- Before You Begin 23
- Considerations 25
- Before You Begin 2-5 27
- Assumptions 29
- Intranet VPN Business 31
- Scenario 31
- Scenario Description 32
- Step 1—Configuring the Tunnel 34
- Step 1—Configuring the Tunnel 35
- Step 3—Configuring Encryption 41
- Configuring IKE Policies 43
- Creating Policies 44
- • RSA signatures method: 45
- Configuring Preshared Keys 46
- Verifying IKE Policies 48
- Configuring IPSec 49
- Creating Crypto Access Lists 51
- Verifying Crypto Access Lists 51
- Defining Transform Sets 52
- Step 3—Configuring Encryption 54
- Verifying Transform Sets 55
- Creating Crypto Map Entries 58
- Verifying Crypto Map Entries 59
- To verify the configuration: 65
- Extranet VPN Business 73
- 67890 address 172.17.2.4 83
- Tunnel mode 88
- Transport mode 88
- Configuring Crypto Maps 89
- Configuring Crypto Maps 93
Relacionado con productos y manuales para Redes Cisco 7100 Series
Redes Cisco VPN 3000 Manual de usuario
(25 paginas)
(25 paginas)
Redes Cisco MCS 7835 Series Manual de usuario
(9 paginas)
(9 paginas)
Redes Cisco 1802W Manual de usuario
(40 paginas)
(40 paginas)
Redes Cisco 4500M Guía de instalación
(32 paginas)
(32 paginas)
Redes Cisco 7120-4T1 - 7120 Router Especificaciones
(24 paginas)
(24 paginas)
Redes Cisco VPN 3000 Guía de usuario
(502 paginas)
(502 paginas)
Redes Cisco EF3116 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco 826 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco 1861 Manual de usuario
(13 paginas)
(13 paginas)
Redes Cisco TES301 Manual de usuario
(52 paginas)
(52 paginas)
Redes Cisco MGBSX1 Manual de usuario
(16 paginas)
(16 paginas)
Redes Cisco 1005 - 1005 Router Manual de usuario
(10 paginas)
(10 paginas)
Redes Cisco PA-2FE-TX Especificaciones
(60 paginas)
(60 paginas)
Redes Cisco 880 Series Manual de usuario
(18 paginas)
(18 paginas)
Redes Cisco 2520-RF - 2520 Router Especificaciones
(116 paginas)
(116 paginas)
Redes Cisco EPC3825 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco DPC3008 Guía de usuario
(44 paginas)
(44 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.043 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales