
Intranet VPN Business Scenario 3-29
Configuring Crypto Maps
Verifying Crypto Map Entries
To verify the configuration:
• Enter the show crypto map EXEC command to see the crypto map entries configured
on the router.
In the following example, peer 172.17.2.5 is the IP address of the remote IPSec peer.
“Extended IP access list 101” lists the access list associated with the crypto map.
“Current peer” indicates the current IPSec peer. “Security-association lifetime”
indicates the lifetime of the SA. “PFS N” indicates that IPSec will not negotiate perfect
forward secrecy when establishing new SAs for this crypto map. “Transform sets”
indicates the name of the transform set that can be used with the crypto map.
hq-sanjose# show crypto map
Crypto Map: "s1first" idb: Serial1/0 local address: 172.17.2.4
Crypto Map "s1first" 1 ipsec-isakmp
        Peer = 172.17.2.5
        Extended IP access list 101
            access-list 101 permit gre
                source: addr = 172.17.2.4/255.255.255.0
                dest: addr = 172.17.2.5/255.255.255.0
        Current peer: 172.17.2.5
        Security-association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={proposal1,}
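The verification above can be scripted. The following is an added example, not part of the original guide: it parses show crypto map output into the fields described above and compares them with a local policy. The function names, the policy checks (expected peer, SA lifetime ceiling, PFS flagged for review) and the abridged sample are assumptions.

```python
import re
# Constructed sample, abridged from the `show crypto map` output on this page.
SAMPLE = """\
Crypto Map: "s1first" idb: Serial1/0 local address: 172.17.2.4
Crypto Map "s1first" 1 ipsec-isakmp
        Peer = 172.17.2.5
        Extended IP access list 101
        Security-association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={proposal1,}
"""

ENTRY = re.compile(r'Crypto Map\s+["“]([^"”]+)["”]\s+(\d+)')  # straight or curly quotes

def parse_crypto_map(text):
    """Return one dict per crypto map entry found in `show crypto map` output."""
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := ENTRY.match(line):          # 'Crypto Map "name" <seq>' starts an entry
            cur = {"name": m[1], "seq": int(m[2]), "peers": [], "acl": None,
                   "seconds": None, "pfs": None, "transforms": []}
            entries.append(cur)
        elif cur is None:
            continue                        # interface summary line, not an entry
        elif m := re.match(r"Peer\s*=\s*(\S+)", line):
            cur["peers"].append(m[1])
        elif m := re.match(r"Extended IP access list (\S+)", line):
            cur["acl"] = m[1]
        elif m := re.match(r"Security-association lifetime: \d+ kilobytes/(\d+) seconds", line):
            cur["seconds"] = int(m[1])
        elif m := re.match(r"PFS \(Y/N\): ([YN])", line):
            cur["pfs"] = m[1] == "Y"
        elif m := re.match(r"Transform sets=\{(.*)\}", line):
            cur["transforms"] = [t.strip() for t in m[1].split(",") if t.strip()]
    return entries

def audit(entries, expected_peer, max_seconds=3600):
    """Compare parsed entries with an assumed local policy; return a list of findings."""
    findings = []
    for e in entries:
        checks = [
            (expected_peer not in e["peers"], f"expected peer {expected_peer} missing"),
            (e["acl"] is None, "no access list attached"),
            (not e["transforms"], "no transform set"),
            (e["pfs"] is False, "PFS not negotiated"),
            ((e["seconds"] or 0) > max_seconds, f"SA lifetime {e['seconds']}s above {max_seconds}s"),
        ]
        findings += [f'{e["name"]} {e["seq"]}: {msg}' for bad, msg in checks if bad]
    return findings
```

Run against the sample with the peer from this page, audit(parse_crypto_map(SAMPLE), "172.17.2.5") reports only the PFS setting.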
Step 5
Command: hq-sanjose(config-crypto-map)# set transform-set proposal1
Purpose: Specify which transform sets are allowed for this crypto map entry. List multiple transform sets in order of priority (highest priority first). This example specifies transform set proposal1, which was configured in the “Defining Transform Sets” section on page 3-22.

Step 6
Command: hq-sanjose(config-crypto-map)# exit
         hq-sanjose(config)#
Purpose: Exit back to global configuration mode.