12-08-2007 04:27 PM - edited 02-21-2020 03:25 PM
Hello experts,
I need to connect a VPN with my Cisco router to a Cisco ASA version 7.2.
I need some guidance to see if this configuration looks about right because I'm confused with the phases 1 & 2:
Phase 1 - Required
PROTOCOL encryption: IPSEC
DIFFIE-HELLMAN: GROUP2
Encrypt algorithm: 3DES
Hashing: SHA
Lifetime: 86400 SECONDS
MODE: MAIN
-- I configured:
crypto isakmp key testkey address 1.1.1.1 no-xauth
crypto isakmp policy 21
 encr 3des
 authentication pre-share
 group 2
* sha doesn't appear because I read it is default
* the lifetime is not appearing
----------------------
Phase 2 - Required
Encapsulation: ESP
Encryption: 3DES
Authentication: SHA
PFS: Group2
Lifetime: 8 Hours
LifetimeKB: 4608000
-- I configured:
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto map 3desmap 17 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set test
 set pfs group2
 match address acltest
My questions:
1- Is the transform-set phase 2?
2- Where do I configure the lifetime of 8 hours?
Thanks
12-08-2007 07:52 PM
The transform set is phase 2 (and the isakmp policy is phase 1).
You can set lifetime under the isakmp policy. I believe you can leave it as is, and during negotiation if the two peers differ on lifetimes, it should choose the smallest value.
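Because values such as `hash sha` and the 86400-second lifetime are left out of the running configuration when they equal the default, a quick way to compare a router against a peer's requirement sheet is to fill the defaults back in first. The script below is an added example, not part of the original thread: the helper names `effective` and `differences` are hypothetical, the default tables are assumed classic IOS defaults, and the sample is the question's configuration re-indented.

```python
import re

# Assumption: classic IOS defaults, omitted from "show running-config" when unchanged.
ISAKMP_DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig",
                   "group": "1", "lifetime": "86400"}
IPSEC_SA_DEFAULTS = {"seconds": "3600", "kilobytes": "4608000"}

# Constructed sample: the question's configuration, indented as the router prints it.
SAMPLE = """\
crypto isakmp policy 21
 encr 3des
 authentication pre-share
 group 2
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto map 3desmap 17 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set test
 set pfs group2
 match address acltest
"""

def effective(config):
    """Return (phase1, phase2) settings with omitted defaults filled in."""
    p1, p2 = dict(ISAKMP_DEFAULTS), dict(IPSEC_SA_DEFAULTS)
    section = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command opens a new section
            section = ("p1" if line.startswith("crypto isakmp policy ") else
                       "p2" if line.startswith("crypto map ") else None)
            if line.startswith("crypto ipsec transform-set "):
                p2["transform"] = line.split()[4:]  # phase 2 ESP algorithms
        elif section == "p1":
            key, _, value = line.partition(" ")
            p1["encr" if key == "encryption" else key] = value
        elif section == "p2":
            m = re.match(r"set security-association lifetime (seconds|kilobytes) (\d+)", line)
            if m:
                p2[m.group(1)] = m.group(2)
            elif line.startswith("set pfs "):
                p2["pfs"] = line.split()[2]
    return p1, p2

def differences(actual, required):
    """Keys whose effective value differs from the value on the requirement sheet."""
    return sorted(k for k, v in required.items() if actual.get(k) != v)

# Requirement sheet from the question (8 hours = 28800 seconds).
REQ_P1 = {"encr": "3des", "hash": "sha", "group": "2", "lifetime": "86400"}
REQ_P2 = {"pfs": "group2", "seconds": "28800", "kilobytes": "4608000"}
```

On the sample, phase 1 matches the sheet through defaults alone, while phase 2 differs only in `seconds`; adding ` set security-association lifetime seconds 28800` under the crypto map entry clears it.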