General Router VPN setup

ranbeckycr
Level 1

Hello experts,

I need to connect a VPN with my Cisco router to a Cisco ASA version 7.2.

I need some guidance to see if this configuration looks about right because I'm confused with the phases 1 & 2:

Phase 1 - Required

PROTOCOL encryption: IPSEC

DIFFIE-HELLMAN: GROUP 2

Encrypt algorithm: 3DES

Hashing: SHA

Lifetime: 86400 SECONDS

MODE: MAIN

-- I configured:

crypto isakmp key testkey address 1.1.1.1 no-xauth
crypto isakmp policy 21
 encr 3des
 authentication pre-share
 group 2

* sha doesn't appear because I read it is default

* the lifetime is not appearing

----------------------

Phase 2 - Required

Encapsulation: ESP

Encryption: 3DES

Authentication: SHA

PFS: Group2

Lifetime: 8 Hours

LifetimeKB: 4608000

-- I configured:

crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto map 3desmap 17 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set test
 set pfs group2
 match address acltest

My questions:

1- Is Transform-set phase 2?

2- Where do I configure the lifetime of 8 hours?

Thanks

1 Accepted Solution

srue
Level 7

The transform set is phase 2 (and the ISAKMP policy is phase 1).

You can set lifetime under the isakmp policy. I believe you can leave it as is, and during negotiation if the two peers differ on lifetimes, it should choose the smallest value.
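
An added example, not part of the original posts: the configuration from the question with the Phase 1 and Phase 2 lifetimes from the stated requirements written out explicitly. The `hash`, `lifetime` and `set security-association lifetime` lines and the `show` commands are additions; 28800 seconds is the required 8 hours.

```cisco
! Phase 1 (ISAKMP/IKE policy).
! "hash sha" and "lifetime 86400" are the IOS defaults, which is why
! they do not appear in the running configuration after being entered.
crypto isakmp policy 21
 encr 3des
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key testkey address 1.1.1.1 no-xauth
!
! Phase 2 (IPsec): the transform set selects ESP encryption and authentication.
crypto ipsec transform-set test esp-3des esp-sha-hmac
!
! Phase 2 SA lifetimes are set per crypto map entry.
! The IOS default is 3600 seconds, so 8 hours must be configured explicitly;
! 4608000 kilobytes matches the default volume lifetime.
crypto map 3desmap 17 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set test
 set pfs group2
 set security-association lifetime seconds 28800
 set security-association lifetime kilobytes 4608000
 match address acltest
!
! Verification from exec mode. These commands display the effective
! values, including defaults that the running configuration hides:
!   show crypto isakmp policy
!   show crypto map
```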
