I'm really confused about site-to-site VPN configuration and the theory behind it.
First, what is the real purpose of IKE? Is this also known as ISAKMP in IOS? In
the book that I'm reading, it says that IKE is used to establish all the information
needed for a VPN tunnel. Within IKE, you negotiate your security policies, establish
SAs, and create keys that will be used by other algorithms such as DES.
What does that really mean? In IOS, there's a sub-interface after issuing the "crypto
isakmp policy" command, where you will configure something like:
What are these values? From my understanding, IKE will establish the tunnel using these protocols. The tunnel will use 3DES and an MD5 hash to establish the link? Am I right? Then what will happen after establishing the tunnel? Is this the only purpose of IKE?
Next, I think I got this one, but I just want to verify it with you guys: the crypto map command.
crypto map s2s 10 ipsec-isakmp ----> what is the purpose of the ipsec-isakmp at the end?
match address ----> so these are the interesting traffic, right?
set peer 184.108.40.206 ----> the VPN tunnel peer?
set transform-set xxx ----> the transform set as defined in the crypto ipsec transform-set command?
So, does the crypto map define the encryption of the data that will pass through the tunnel? Then will the method of encryption and authentication depend on the crypto ipsec transform-set options?
Sorry for a very long question. ISAKMP really confuses me. Even the ipsec-isakmp command for the crypto map confuses me.
Can someone please help?
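For readers working through the same pieces, here is a complete IOS site-to-site (IKEv1/IPsec) configuration that puts the commands from the post side by side. This is an added example, not configuration from the original post or from any real deployment: the interface name, the local address 203.0.113.10, the two LAN subnets, the pre-shared key, and the names S2S-TS, S2S-ACL and S2S are all hypothetical; only the peer address 184.108.40.206 is taken from the post. The comments mark which part of the tunnel each block controls.

```cisco
! --- Phase 1 (IKE / ISAKMP) -------------------------------------------
! This policy governs only the negotiation between the two routers:
! how the peers authenticate each other and how the IKE channel itself
! is protected. User traffic is never encrypted with these settings.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
!
! Pre-shared key bound to the peer address used in the crypto map below.
! "ChangeMeToARealKey" is a placeholder (hypothetical), not a real secret.
crypto isakmp key ChangeMeToARealKey address 184.108.40.206
!
! --- Phase 2 (IPsec) -------------------------------------------------
! The transform set is what actually encrypts and authenticates the data
! inside the tunnel; the crypto map only refers to it by name.
crypto ipsec transform-set S2S-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! "Interesting traffic": only packets matching this ACL are sent through
! the tunnel. Subnets are hypothetical.
ip access-list extended S2S-ACL
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! The crypto map ties peer, interesting traffic and transform set together.
! "ipsec-isakmp" means the IPsec SAs (and their keys) are negotiated by
! IKE/ISAKMP, as opposed to "ipsec-manual", where you type the keys in.
crypto map S2S 10 ipsec-isakmp
 set peer 184.108.40.206
 set transform-set S2S-TS
 set pfs group14
 match address S2S-ACL
!
! The map does nothing until it is applied to the outside interface.
interface GigabitEthernet0/0
 ip address 203.0.113.10 255.255.255.0
 crypto map S2S
```

After traffic matching S2S-ACL is sent, `show crypto isakmp sa` should list the Phase 1 SA to 184.108.40.206 in state QM_IDLE, and `show crypto ipsec sa` should show the Phase 2 SAs with the encaps/decaps counters increasing; if the first command shows nothing, the problem is in the ISAKMP policy or pre-shared key, and if only the second is empty, look at the transform set or the ACL on the peer side, which must mirror this one.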