Tasks to Configure IPSec


Task 1 - Prepare for IKE and IPSec

Step 1: Determine IKE (IKE Phase 1) policy
Step 2: Determine IPSec (IKE Phase 2) policy
Step 3: Check the current configuration
Step 4: Ensure that the network works without encryption
Step 5: Ensure that access lists are compatible with IPSec

Task 2 - Configure IKE

Step 1: Enable or disable IKE
Step 2: Create IKE policies
Step 3: Configure ISAKMP identity
Step 4: Configure preshared keys
Step 5: Verify IKE configuration

© 2004 Cisco Systems, Inc. All rights reserved. BCRAN v2.1—5-8

The use of IKE preshared keys for authentication of IPSec sessions is relatively easy to configure, yet does not scale well for a large number of IPSec clients.

The process for configuring IKE preshared keys in Cisco IOS software for Cisco routers consists of four major tasks. Subsequent lessons of this module discuss each configuration task in more detail. The four major tasks are as follows:

■ Task 1—Prepare for IPSec: This task involves determining the detailed encryption policy. This includes identifying the hosts and networks that you must protect, determining details about the IPSec peers, determining the IPSec features that you need, and ensuring that existing ACLs are compatible with IPSec.

■ Task 2—Configure IKE: This task involves enabling IKE, creating the IKE policies, and validating the configuration.

■ Task 3—Configure IPSec: This task includes defining the transform sets, creating crypto ACLs, creating crypto map entries, and applying crypto map sets to interfaces.

■ Task 4—Test and verify IPSec: Use show, debug, and related commands to test and verify that IPSec encryption works, and to troubleshoot problems.
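The four tasks above map onto a site-to-site configuration like the following. This is an added example, not taken from the course material: the addresses (documentation ranges), ACL numbers, the names TS-EXAMPLE and CM-EXAMPLE, the interface, and the key placeholder are all constructed, and the AES-256, SHA and Diffie-Hellman group 14 choices are assumptions that must be supported by the IOS release in use and matched on the peer.

```cisco
! Constructed example: addresses, names, ACL numbers and the key are placeholders.
! Local router outside address 192.0.2.1, remote peer 198.51.100.1.
! Protected networks: 10.1.1.0/24 (local) and 10.2.2.0/24 (remote).
!
! Task 1, step 5: entries to add to the existing inbound interface ACL
! (assumed here to be ACL 102) so that IKE and ESP from the peer are not dropped
access-list 102 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
access-list 102 permit esp host 198.51.100.1 host 192.0.2.1
!
! Task 2: enable IKE, create an IKE policy, set the ISAKMP identity,
! and configure the preshared key for the peer
crypto isakmp enable
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp identity address
crypto isakmp key <PRESHARED-KEY> address 198.51.100.1
!
! Task 3: transform set, crypto ACL, crypto map entry, apply to the interface
crypto ipsec transform-set TS-EXAMPLE esp-aes 256 esp-sha-hmac
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
crypto map CM-EXAMPLE 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-EXAMPLE
 match address 110
interface Serial0/0
 crypto map CM-EXAMPLE
!
! Task 4: verify from privileged EXEC mode
! show crypto isakmp policy
! show crypto isakmp sa
! show crypto ipsec transform-set
! show crypto map
! show crypto ipsec sa
```

The peer needs the same preshared key, a matching IKE policy and transform set, and a crypto ACL that mirrors access list 110 with source and destination swapped.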
