Scribd Logo
Upload

Welcome to Scribd!

  • 42 views

    How To Configure Site-To-Site IKEv2 IPSec VPN Using Pre-Shared Key Authentication

    Uploaded by

    Coolzero Coolzero
    The document describes how to configure a site-to-site IPSec VPN between two routers using IKEv2 and pre-shared key authentication. It involves setting hostnames and domains for each router, defining IKEv2 keyrings and policies, creating IPSec proposals and profiles, applying crypto maps to interfaces, and addressing for site-to-site connectivity.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    How To Configure Site-To-Site IKEv2 IPSec VPN Using Pre-Shared Key Authentication

    Uploaded by

    Coolzero Coolzero
    42 views14 pages
    The document describes how to configure a site-to-site IPSec VPN between two routers using IKEv2 and pre-shared key authentication. It involves setting hostnames and domains for each router, defining IKEv2 keyrings and policies, creating IPSec proposals and profiles, applying crypto maps to interfaces, and addressing for site-to-site connectivity.

    Original Description:

    How to Configure Site-To-Site IKEv2 IPSec

    Original Title

    How to Configure Site-To-Site IKEv2 IPSec VPN Using Pre-Shared Key Authentication

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document describes how to configure a site-to-site IPSec VPN between two routers using IKEv2 and pre-shared key authentication. It involves setting hostnames and domains for each router, defining IKEv2 keyrings and policies, creating IPSec proposals and profiles, applying crypto maps to interfaces, and addressing for site-to-site connectivity.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    42 views14 pages

    How To Configure Site-To-Site IKEv2 IPSec VPN Using Pre-Shared Key Authentication

    Uploaded by

    Coolzero Coolzero
    The document describes how to configure a site-to-site IPSec VPN between two routers using IKEv2 and pre-shared key authentication. It involves setting hostnames and domains for each router, defining IKEv2 keyrings and policies, creating IPSec proposals and profiles, applying crypto maps to interfaces, and addressing for site-to-site connectivity.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 14

    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    Full Episodes - All Seasons

    2 of 14 10/19/2022, 7:30 AM
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname OmniSecuR1
    OmniSecuR1(config)#exit
    OmniSecuR1#

    OmniSecuR1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    OmniSecuR1(config)#ip domain-name omnisecu.com
    OmniSecuR1(config)#exit
    OmniSecuR1#

    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#hostname OmniSecuR2
    OmniSecuR2(config)#exit
    OmniSecuR2#

    OmniSecuR2#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    OmniSecuR2(config)#ip domain-name omnisecu.com
    OmniSecuR2(config)#exit

    3 of 14 10/19/2022, 7:30 AM
    OmniSecuR1#configure terminal
    OmniSecuR1(config)#crypto ikev2 keyring KR-1
    OmniSecuR1(config-ikev2-keyring)#peer SITE-2
    OmniSecuR1(config-ikev2-keyring-peer)#address 192.168.0.2
    OmniSecuR1(config-ikev2-keyring-peer)#pre-shared-key OmniSecuDotCom
    OmniSecuR1(config-ikev2-keyring-peer)#exit
    OmniSecuR1(config-ikev2-keyring)#exit
    OmniSecuR1(config)#exit
    OmniSecuR1#

    OmniSecuR2#configure terminal
    OmniSecuR2(config)#crypto ikev2 keyring KR-1
    OmniSecuR2(config-ikev2-keyring)#peer SITE-1
    OmniSecuR2(config-ikev2-keyring-peer)#address 192.168.0.1
    OmniSecuR2(config-ikev2-keyring-peer)#pre-shared-key OmniSecuDotCom
    OmniSecuR2(config-ikev2-keyring-peer)#exit
    OmniSecuR2(config-ikev2-keyring)#exit
    OmniSecuR2(config)#exit
    OmniSecuR2#

    OmniSecuR1#configure terminal
    OmniSecuR1(config)#crypto ikev2 proposal PROP-SITE2
    OmniSecuR1(config-ikev2-proposal)#encryption aes-cbc-256
    OmniSecuR1(config-ikev2-proposal)#integrity sha512
    OmniSecuR1(config-ikev2-proposal)#group 24
    OmniSecuR1(config-ikev2-proposal)#exit
    OmniSecuR1(config)#exit
    OmniSecuR1#

    OmniSecuR2#configure terminal
    OmniSecuR2(config)#crypto ikev2 proposal PROP-SITE1
    OmniSecuR2(config-ikev2-proposal)#encryption aes-cbc-256
    OmniSecuR2(config-ikev2-proposal)#integrity sha512
    OmniSecuR2(config-ikev2-proposal)#group 24
    OmniSecuR2(config-ikev2-proposal)#exit
    OmniSecuR2(config)#exit
    OmniSecuR2#
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    OmniSecuR1#configure terminal
    OmniSecuR1(config)#crypto ikev2 policy POL-SITE2
    OmniSecuR1(config-ikev2-policy)#proposal PROP-SITE2
    OmniSecuR1(config-ikev2-policy)#exit
    OmniSecuR1(config)#exit
    OmniSecuR1#

    OmniSecuR2#configure terminal
    OmniSecuR2(config)#crypto ikev2 policy POL-SITE1
    OmniSecuR2(config-ikev2-policy)#proposal PROP-SITE1
    OmniSecuR2(config-ikev2-policy)#exit
    OmniSecuR2(config)#exit
    OmniSecuR2#

    5 of 14 10/19/2022, 7:30 AM
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    OmniSecuR1#configure terminal
    OmniSecuR1(config)#ip access-list extended SITE1-SITE2-CACL
    OmniSecuR1(config-ext-nacl)#permit ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
    OmniSecuR1(config-ext-nacl)#exit
    OmniSecuR1(config)#exit
    OmniSecuR1#

    OmniSecuR2#configure terminal
    OmniSecuR2(config)#ip access-list extended SITE2-SITE1-CACL
    OmniSecuR2(config-ext-nacl)#permit ip 172.17.0.0 0.0.255.255 172.16.0.0 0.0.255.255
    OmniSecuR2(config-ext-nacl)#exit
    OmniSecuR2(config)#exit
    OmniSecuR2#

    OmniSecuR1#configure terminal
    OmniSecuR1(config)#crypto ipsec transform-set SITE2-TS esp-aes esp-sha512-hmac
    OmniSecuR1(cfg-crypto-trans)#exit
    OmniSecuR1(config)#exit
    OmniSecuR1#f

    OmniSecuR2#configure terminal
    OmniSecuR2(config)#crypto ipsec transform-set SITE1-TS esp-aes esp-sha512-hmac
    OmniSecuR2(cfg-crypto-trans)#exit
    OmniSecuR2(config)#exit
    OmniSecuR2#

    OmniSecuR1#configure terminal
    OmniSecuR1(config)#crypto ikev2 profile SITE2-PROFILE
    OmniSecuR1(config-ikev2-profile)#match identity remote address 192.168.0.2 255.255.255.255
    OmniSecuR1(config-ikev2-profile)#authentication local pre-share
    OmniSecuR1(config-ikev2-profile)#authentication remote pre-share
    OmniSecuR1(config-ikev2-profile)#keyring local KR-1
    OmniSecuR1(config-ikev2-profile)#exit
    OmniSecuR1(config)#exit
    OmniSecuR1#

    OmniSecuR2#configure terminal
    OmniSecuR2(config)#crypto ikev2 profile SITE1-PROFILE
    OmniSecuR2(config-ikev2-profile)#match identity remote address 192.168.0.1 255.255.255.255
    OmniSecuR2(config-ikev2-profile)#authentication local pre-share
    OmniSecuR2(config-ikev2-profile)#authentication remote pre-share
    OmniSecuR2(config-ikev2-profile)#keyring local KR-1
    OmniSecuR2(config-ikev2-profile)#exit
    OmniSecuR2(config)#exit
    OmniSecuR2#

    6 of 14 10/19/2022, 7:30 AM
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    OmniSecuR1#configure terminal
    OmniSecuR1(config)#crypto map CMAP-SITE2 10 ipsec-isakmp
    OmniSecuR1(config-crypto-map)#set peer 192.168.0.2
    OmniSecuR1(config-crypto-map)#set pfs group24
    OmniSecuR1(config-crypto-map)#set security-association lifetime seconds 3600
    OmniSecuR1(config-crypto-map)#set transform-set SITE2-TS
    OmniSecuR1(config-crypto-map)#set ikev2-profile SITE2-PROFILE
    OmniSecuR1(config-crypto-map)#match address SITE1-SITE2-CACL
    OmniSecuR1(config-crypto-map)#exit
    OmniSecuR1(config)#exit

    OmniSecuR2#configure terminal
    OmniSecuR2(config)#crypto map CMAP-SITE1 10 ipsec-isakmp
    OmniSecuR2(config-crypto-map)#set peer 192.168.0.1
    OmniSecuR2(config-crypto-map)#set pfs group24
    OmniSecuR2(config-crypto-map)#set security-association lifetime seconds 3600
    OmniSecuR2(config-crypto-map)#set transform-set SITE1-TS
    OmniSecuR2(config-crypto-map)#set ikev2-profile SITE1-PROFILE
    OmniSecuR2(config-crypto-map)#match address SITE2-SITE1-CACL
    OmniSecuR2(config-crypto-map)#exit
    OmniSecuR2(config)#exit
    OmniSecuR2#

    OmniSecuR1#configure terminal
    OmniSecuR1(config)#interface gi0/0
    OmniSecuR1(config-if)#crypto map CMAP-SITE2
    OmniSecuR1(config-if)#exit
    OmniSecuR1(config)#exit
    OmniSecuR1#

    OmniSecuR2#configure terminal
    OmniSecuR2(config)#interface gi0/0
    OmniSecuR2(config-if)#crypto map CMAP-SITE1
    OmniSecuR2(config-if)#exit
    OmniSecuR2(config)#exit
    OmniSecuR2#

    report this ad

    7 of 14 10/19/2022, 7:30 AM
    report this ad
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    9 of 14 10/19/2022, 7:30 AM
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    10 of 14 10/19/2022, 7:30 AM
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    11 of 14 10/19/2022, 7:30 AM
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    12 of 14 10/19/2022, 7:30 AM
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    report this ad

    13 of 14 10/19/2022, 7:30 AM
    How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...

    14 of 14 10/19/2022, 7:30 AM

    You might also like