Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Ipsec

Hi,

I need to find out in order to configure IPsec such as the following configuration sample, do I need to have a VPN router. Pls help me on the following

1. What if I have two router without VPN modue , can I still configure IPsec

to encryption data flow from one router to the other.

2. What is requirements to configure IPsec, do I need to purchase any

hareware.

crypto isakmp policy 1

hash md5

authentication pre-share

crypto isakmp key cisco123 address 200.1.1.2

!

!--- IPSec policies

crypto ipsec transform-set to_vpn esp-des esp-md5-hmac

!

crypto map to_vpn 10 ipsec-isakmp

set peer 200.1.1.2

set transform-set to_vpn

!--- Traffic to encrypt

match address 101

!

interface FastEthernet0/0

ip address 203.20.20.2 255.255.255.0

ip nat outside

duplex auto

speed auto

crypto map to_vpn

Thanks

  • Other Security Subjects
3 REPLIES
Cisco Employee

Re: Ipsec

Hi,

If you already have a Cisco router, then you can download an IOS image from Cisco's website that has Ipsec feature and You dont have to necessarily have a VPN Module to do IPSec.

Regards,

Arul

New Member

Re: Ipsec

Can you explain what is the function of the "crypto map " command, when should I use this command.

Cisco Employee

Re: Ipsec

Hi,

Crypto map entries created for IPSec pull together the various parts used to set up IPSec security associations, including:

Which traffic should be protected by IPSec (per a crypto access list)

The granularity of the flow to be protected by a set of security associations

Where IPSec-protected traffic should be sent (who the remote IPSec peer is)

The local address to be used for the IPSec traffic

What IPSec security should be applied to this traffic (selecting from a list of one or more transform sets)

Whether security associations are manually established or are established via IKE

Other parameters that might be necessary to define an IPSec security association

You can also refer the below URL for the same:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fipsenc/scfipsec.htm#1001432

Regards,

Arul

88
Views
0
Helpful
3
Replies
This widget could not be displayed.