General Router VPN setup

Answered Question
Dec 8th, 2007

Hello experts,

I need to connect a VPN with my Cisco router to a Cisco ASA version 7.2.

I need some guidance to see if this configuration looks about right because I'm confused with the phases 1 & 2:


Phase 1 - Required


PROTOCOL encryption: IPSEC

DIFFIE-HELLMAN: GROUP 2

Encrypt algorithm: 3DES

Hashing: SHA

Lifetime: 86400 SECONDS

MODE: MAIN


-- I configured:


crypto isakmp key testkey address 1.1.1.1 no-xauth

crypto isakmp policy 21
 encr 3des
 authentication pre-share
 group 2

* sha doesn't appear because I read it is default

* the lifetime is not appearing

----------------------


Phase 2 - Required


Encapsulation: ESP

Encryption: 3DES

Authentication: SHA

PFS: Group2

Lifetime: 8 Hours

LifetimeKB: 4608000


-- I configured:


crypto ipsec transform-set test esp-3des esp-sha-hmac

crypto map 3desmap 17 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set test
 set pfs group2
 match address acltest



My questions:

1- Is Transform-set phase 2?

2- Where do I configure the lifetime of 8 hours?


Thanks



Correct Answer by srue about 9 years 5 months ago

The transform set is phase 2 (and the isakmp policy is phase 1).


You can set lifetime under the isakmp policy. I believe you can leave it as is, and during negotiation if the two peers differ on lifetimes, it should choose the smallest value.

srue Sat, 12/08/2007 - 19:52

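An added example, not part of the original posts: a small Python check that reads the configuration from the question, fills in the values IOS leaves out of the running config, and compares the result with a peer's Phase 1 and Phase 2 requirements. The default values are assumed to be the classic IOS defaults, the function names are hypothetical, and only the per-crypto-map form `set security-association lifetime` is parsed for the Phase 2 lifetime.

```python
import re
# Assumed classic IOS defaults; these never show up in the running config.
ISAKMP_DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig",
                   "group": "1", "lifetime": "86400"}
IPSEC_DEFAULTS = {"pfs": None, "lifetime_seconds": "3600", "lifetime_kilobytes": "4608000"}
SA_LIFETIME = re.compile(r"set security-association lifetime (seconds|kilobytes) (\d+)")
# Configuration as posted in the question.
POSTED_CONFIG = """
crypto isakmp key testkey address 1.1.1.1 no-xauth
crypto isakmp policy 21
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto map 3desmap 17 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set test
 set pfs group2
 match address acltest
"""

def effective_settings(config):
    """Return (phase1, phase2) settings with omitted defaults filled in."""
    p1, p2, section = dict(ISAKMP_DEFAULTS), dict(IPSEC_DEFAULTS), None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("crypto isakmp policy"):
            section = p1          # Phase 1 (ISAKMP) sub-commands follow
        elif line.startswith("crypto map"):
            section = p2          # Phase 2 (IPsec) sub-commands follow
        elif line.startswith("crypto ipsec transform-set"):
            p2["transforms"], section = line.split()[4:], None
        elif line.startswith("crypto "):
            section = None        # any other global crypto command
        elif section is p1:
            key, _, value = line.partition(" ")
            key = "encr" if key.startswith("encr") else key
            if key in p1:
                p1[key] = value
        elif section is p2:
            match = SA_LIFETIME.match(line)
            if match:
                p2["lifetime_" + match.group(1)] = match.group(2)
            elif line.startswith("set pfs "):
                p2["pfs"] = line.split()[2]
    return p1, p2

# Map each differing key to (effective value, required value).
def differences(effective, required):
    return {k: (effective.get(k), v) for k, v in required.items() if effective.get(k) != v}
```

Run against the posted configuration, the Phase 1 settings match the requirements once the defaults are applied, while the Phase 2 lifetime in seconds comes out as 3600 against the required 28800 (8 hours) until `set security-association lifetime seconds 28800` is added under the crypto map.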