
How To Configure Site-To-Site IKEv2 IPSec VPN Using Pre-Shared Key Authentication

The document describes how to configure a site-to-site IPsec VPN between two routers using IKEv2 and pre-shared key authentication. The steps are: set the hostname and domain name on each router, define the IKEv2 keyring, proposal and policy, create the crypto ACL, the IPsec transform set and the IKEv2 profile, then build the crypto map and apply it to the interface.

How to configure Site-to-Site IKEv2 IPSec VPN using Pre-Shared Key Authentication https://www.omnisecu.com/ccna-security/how-to-configure-site-to-site-ikev2-ipsec-vpn-using-pre-s...


2 of 14 10/19/2022, 7:30 AM

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname OmniSecuR1
OmniSecuR1(config)#exit
OmniSecuR1#

OmniSecuR1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
OmniSecuR1(config)#ip domain-name omnisecu.com
OmniSecuR1(config)#exit
OmniSecuR1#

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname OmniSecuR2
OmniSecuR2(config)#exit
OmniSecuR2#

OmniSecuR2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
OmniSecuR2(config)#ip domain-name omnisecu.com
OmniSecuR2(config)#exit

OmniSecuR1#configure terminal
OmniSecuR1(config)#crypto ikev2 keyring KR-1
OmniSecuR1(config-ikev2-keyring)#peer SITE-2
OmniSecuR1(config-ikev2-keyring-peer)#address 192.168.0.2
OmniSecuR1(config-ikev2-keyring-peer)#pre-shared-key OmniSecuDotCom
OmniSecuR1(config-ikev2-keyring-peer)#exit
OmniSecuR1(config-ikev2-keyring)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

OmniSecuR2#configure terminal
OmniSecuR2(config)#crypto ikev2 keyring KR-1
OmniSecuR2(config-ikev2-keyring)#peer SITE-1
OmniSecuR2(config-ikev2-keyring-peer)#address 192.168.0.1
OmniSecuR2(config-ikev2-keyring-peer)#pre-shared-key OmniSecuDotCom
OmniSecuR2(config-ikev2-keyring-peer)#exit
OmniSecuR2(config-ikev2-keyring)#exit
OmniSecuR2(config)#exit
OmniSecuR2#

OmniSecuR1#configure terminal
OmniSecuR1(config)#crypto ikev2 proposal PROP-SITE2
OmniSecuR1(config-ikev2-proposal)#encryption aes-cbc-256
OmniSecuR1(config-ikev2-proposal)#integrity sha512
OmniSecuR1(config-ikev2-proposal)#group 24
OmniSecuR1(config-ikev2-proposal)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

OmniSecuR2#configure terminal
OmniSecuR2(config)#crypto ikev2 proposal PROP-SITE1
OmniSecuR2(config-ikev2-proposal)#encryption aes-cbc-256
OmniSecuR2(config-ikev2-proposal)#integrity sha512
OmniSecuR2(config-ikev2-proposal)#group 24
OmniSecuR2(config-ikev2-proposal)#exit
OmniSecuR2(config)#exit
OmniSecuR2#

OmniSecuR1#configure terminal
OmniSecuR1(config)#crypto ikev2 policy POL-SITE2
OmniSecuR1(config-ikev2-policy)#proposal PROP-SITE2
OmniSecuR1(config-ikev2-policy)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

OmniSecuR2#configure terminal
OmniSecuR2(config)#crypto ikev2 policy POL-SITE1
OmniSecuR2(config-ikev2-policy)#proposal PROP-SITE1
OmniSecuR2(config-ikev2-policy)#exit
OmniSecuR2(config)#exit
OmniSecuR2#


OmniSecuR1#configure terminal
OmniSecuR1(config)#ip access-list extended SITE1-SITE2-CACL
OmniSecuR1(config-ext-nacl)#permit ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
OmniSecuR1(config-ext-nacl)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

OmniSecuR2#configure terminal
OmniSecuR2(config)#ip access-list extended SITE2-SITE1-CACL
OmniSecuR2(config-ext-nacl)#permit ip 172.17.0.0 0.0.255.255 172.16.0.0 0.0.255.255
OmniSecuR2(config-ext-nacl)#exit
OmniSecuR2(config)#exit
OmniSecuR2#

OmniSecuR1#configure terminal
OmniSecuR1(config)#crypto ipsec transform-set SITE2-TS esp-aes esp-sha512-hmac
OmniSecuR1(cfg-crypto-trans)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

OmniSecuR2#configure terminal
OmniSecuR2(config)#crypto ipsec transform-set SITE1-TS esp-aes esp-sha512-hmac
OmniSecuR2(cfg-crypto-trans)#exit
OmniSecuR2(config)#exit
OmniSecuR2#

OmniSecuR1#configure terminal
OmniSecuR1(config)#crypto ikev2 profile SITE2-PROFILE
OmniSecuR1(config-ikev2-profile)#match identity remote address 192.168.0.2 255.255.255.255
OmniSecuR1(config-ikev2-profile)#authentication local pre-share
OmniSecuR1(config-ikev2-profile)#authentication remote pre-share
OmniSecuR1(config-ikev2-profile)#keyring local KR-1
OmniSecuR1(config-ikev2-profile)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

OmniSecuR2#configure terminal
OmniSecuR2(config)#crypto ikev2 profile SITE1-PROFILE
OmniSecuR2(config-ikev2-profile)#match identity remote address 192.168.0.1 255.255.255.255
OmniSecuR2(config-ikev2-profile)#authentication local pre-share
OmniSecuR2(config-ikev2-profile)#authentication remote pre-share
OmniSecuR2(config-ikev2-profile)#keyring local KR-1
OmniSecuR2(config-ikev2-profile)#exit
OmniSecuR2(config)#exit
OmniSecuR2#


OmniSecuR1#configure terminal
OmniSecuR1(config)#crypto map CMAP-SITE2 10 ipsec-isakmp
OmniSecuR1(config-crypto-map)#set peer 192.168.0.2
OmniSecuR1(config-crypto-map)#set pfs group24
OmniSecuR1(config-crypto-map)#set security-association lifetime seconds 3600
OmniSecuR1(config-crypto-map)#set transform-set SITE2-TS
OmniSecuR1(config-crypto-map)#set ikev2-profile SITE2-PROFILE
OmniSecuR1(config-crypto-map)#match address SITE1-SITE2-CACL
OmniSecuR1(config-crypto-map)#exit
OmniSecuR1(config)#exit

OmniSecuR2#configure terminal
OmniSecuR2(config)#crypto map CMAP-SITE1 10 ipsec-isakmp
OmniSecuR2(config-crypto-map)#set peer 192.168.0.1
OmniSecuR2(config-crypto-map)#set pfs group24
OmniSecuR2(config-crypto-map)#set security-association lifetime seconds 3600
OmniSecuR2(config-crypto-map)#set transform-set SITE1-TS
OmniSecuR2(config-crypto-map)#set ikev2-profile SITE1-PROFILE
OmniSecuR2(config-crypto-map)#match address SITE2-SITE1-CACL
OmniSecuR2(config-crypto-map)#exit
OmniSecuR2(config)#exit
OmniSecuR2#

OmniSecuR1#configure terminal
OmniSecuR1(config)#interface gi0/0
OmniSecuR1(config-if)#crypto map CMAP-SITE2
OmniSecuR1(config-if)#exit
OmniSecuR1(config)#exit
OmniSecuR1#

OmniSecuR2#configure terminal
OmniSecuR2(config)#interface gi0/0
OmniSecuR2(config-if)#crypto map CMAP-SITE1
OmniSecuR2(config-if)#exit
OmniSecuR2(config)#exit
OmniSecuR2#
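
Added example, not part of the original page: a small Python audit that compares the two routers' configurations for the values that must agree (pre-shared key, IKEv2 proposal, transform set, PFS group) and checks that the crypto ACLs mirror each other. The function names, the template used to rebuild each router's configuration, and the DH-group rule (RFC 8247 lists groups 22 to 24 as SHOULD NOT) are this example's assumptions, not the author's.

```python
import re

# Constructed sample: the lines the walkthrough enters on each router,
# rebuilt from a template (m = local site number, p = peer site number).
TEMPLATE = """\
crypto ikev2 keyring KR-1
 peer SITE-{p}
  address 192.168.0.{p}
  pre-shared-key {psk}
crypto ikev2 proposal PROP-SITE{p}
 encryption aes-cbc-256
 integrity sha512
 group {group}
ip access-list extended SITE{m}-SITE{p}-CACL
 permit ip 172.{lnet}.0.0 0.0.255.255 172.{rnet}.0.0 0.0.255.255
crypto ipsec transform-set SITE{p}-TS esp-aes esp-sha512-hmac
crypto map CMAP-SITE{p} 10 ipsec-isakmp
 set peer 192.168.0.{p}
 set pfs group{group}
"""

def router(m, p, psk="OmniSecuDotCom", group="24"):
    return TEMPLATE.format(m=m, p=p, psk=psk, group=group, lnet=15 + m, rnet=15 + p)

def settings(cfg):
    """Pull out the values that both peers must agree on."""
    def one(pattern):
        found = re.search(pattern, cfg, re.M)
        return found.group(1) if found else None
    acl = re.search(r"^ *permit ip (\S+ \S+) (\S+ \S+)$", cfg, re.M)
    return {"psk": one(r"^ *pre-shared-key (\S+)"),
            "ike": (one(r"^ *encryption (\S+)"), one(r"^ *integrity (\S+)"),
                    one(r"^ *group (\d+)")),
            "esp": one(r"^crypto ipsec transform-set \S+ (.+)$"),
            "pfs": one(r"^ *set pfs group(\d+)"),
            "acl": acl.groups() if acl else None}

def audit(cfg_a, cfg_b):
    """Return findings: peer mismatches first, then weak-parameter flags."""
    a, b = settings(cfg_a), settings(cfg_b)
    out = [f"{k} differs between peers" for k in ("psk", "ike", "esp", "pfs") if a[k] != b[k]]
    if not a["acl"] or not b["acl"] or a["acl"] != b["acl"][::-1]:
        out.append("crypto ACLs are not mirror images")
    if {a["ike"][2], a["pfs"], b["ike"][2], b["pfs"]} & {"22", "23", "24"}:
        out.append("DH group 22-24 in use (RFC 8247: SHOULD NOT)")
    return out

if __name__ == "__main__":
    print(*audit(router(1, 2), router(2, 1)), sep="\n")
```

Run against the configuration exactly as entered above, the only finding is the DH group; a mistyped key or a one-sided ACL change shows up as a mismatch before the tunnel is tested.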
