Cisco 7100 Series Especificaciones Pagina 84
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Step 2—Configuring Encryption and an IPSec Tunnel
Cisco 7100 Series VPN Configuration Guide
4-12
5 Defining Transform Sets and Configuring IPSec Tunnel Mode
6 Verifying Transform Sets and IPSec Tunnel Mode
Note IKE uses User Datagram Protocol (UDP) port 500. The IPSec encapsulating
security payload (ESP) and authentication header (AH) protocols use IP protocol numbers
50 and 51. Ensure that your access lists are configured so that IP protocol 50, 51, and UDP
port 500 traffic is not blocked at interfaces used by IPSec. In some cases, you might need
to add a statement to your access lists to explicitly permit this traffic.
Creating Crypto Access Lists
Crypto access lists are used to define which IP trafficwill beprotected by crypto and which
traffic will not beprotected bycrypto. (These accesslists arenot the sameas regular access
lists, which determine what traffic to forward or block at an interface.) For example, you
can create access lists to protect all IP traffic between the headquarters router and business
partner router.
The access lists themselves are not specific to IPSec. It is the crypto map entry referencing
the specific access list that defines whether IPSec processing is applied to the traffic
matching a permit in the access list.
To create crypto a access list, enter the following command in global configuration mode:
Command Purpose
hq-sanjose(config)# access-list 111 permit
ip host 10.2.2.2 host 10.1.5.3
Specify conditions to determine which IP packets are
protected.
1
(Enable or disable crypto for traffic that
matches these conditions.) This example configures
access list 111 to encrypt all IP traffic between the
headquarters Web server (translated inside global IP
address 10.2.2.2) and PC B (IP address 10.1.5.3) in the
business partner office.
We recommend that you configure “mirror image” crypto
access lists for use by IPSec and that you avoid using the
any keyword.
1 You specify conditions using an IP access list designated by either a number or a name. The access-list command designates a
numbered extended access list; the ip access-list extended command designates a named access list.
- Cisco 7100 Series VPN 1
- Configuration Guide 1
- Preface vii 3
- Audience 4
- Organization 5
- Related Documentation 6
- Preface xi 7
- Conventions 8
- Cisco Connection Online 9
- Documentation CD-ROM 10
- Using Cisco IOS Software 11
- Getting Help 12
- Finding Command Options 13
- • controller t1 1 13
- Understanding Command Modes 18
- Summary of Main Command Modes 19
- Router(config-if)# 20
- Router(config-subif)# 20
- Saving Configuration Changes 21
- Saving Configuration Changes 22
- Before You Begin 23
- Considerations 25
- Before You Begin 2-5 27
- Assumptions 29
- Intranet VPN Business 31
- Scenario 31
- Scenario Description 32
- Step 1—Configuring the Tunnel 34
- Step 1—Configuring the Tunnel 35
- Step 3—Configuring Encryption 41
- Configuring IKE Policies 43
- Creating Policies 44
- • RSA signatures method: 45
- Configuring Preshared Keys 46
- Verifying IKE Policies 48
- Configuring IPSec 49
- Creating Crypto Access Lists 51
- Verifying Crypto Access Lists 51
- Defining Transform Sets 52
- Step 3—Configuring Encryption 54
- Verifying Transform Sets 55
- Creating Crypto Map Entries 58
- Verifying Crypto Map Entries 59
- To verify the configuration: 65
- Extranet VPN Business 73
- 67890 address 172.17.2.4 83
- Tunnel mode 88
- Transport mode 88
- Configuring Crypto Maps 89
- Configuring Crypto Maps 93
Relacionado con productos y manuales para Redes Cisco 7100 Series
Redes Cisco VPN 3000 Manual de usuario
(25 paginas)
(25 paginas)
Redes Cisco MCS 7835 Series Manual de usuario
(9 paginas)
(9 paginas)
Redes Cisco 1802W Manual de usuario
(40 paginas)
(40 paginas)
Redes Cisco 4500M Guía de instalación
(32 paginas)
(32 paginas)
Redes Cisco 7120-4T1 - 7120 Router Especificaciones
(24 paginas)
(24 paginas)
Redes Cisco VPN 3000 Guía de usuario
(502 paginas)
(502 paginas)
Redes Cisco EF3116 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco 826 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco 1861 Manual de usuario
(13 paginas)
(13 paginas)
Redes Cisco TES301 Manual de usuario
(52 paginas)
(52 paginas)
Redes Cisco MGBSX1 Manual de usuario
(16 paginas)
(16 paginas)
Redes Cisco 1005 - 1005 Router Manual de usuario
(10 paginas)
(10 paginas)
Redes Cisco PA-2FE-TX Especificaciones
(60 paginas)
(60 paginas)
Redes Cisco 880 Series Manual de usuario
(18 paginas)
(18 paginas)
Redes Cisco 2520-RF - 2520 Router Especificaciones
(116 paginas)
(116 paginas)
Redes Cisco EPC3825 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco DPC3008 Guía de usuario
(44 paginas)
(44 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.062 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales