Steps to create IPSEC VPN:
– define ISAKMP Policies
– define ISAKMP preshared key (if authentication method is Pre-share)
– define IPSEC Transform Sets
– define IPSEC security associations
– define interesting traffic through Proxy Identity (or crypto ACL)
– link crypto ACL and IPSEC TS with a Crypto Map
– put the crypto map under the Internet-facing interface

configuring IPSEC VPN between R2 and R3
There was a problem at first. Debug command helped see the error:
We look back at the configuration on both R2 and R3 and discover that “set transform-set” is missing on R3:

We corrected the problem and did a ping from R2 to R3.

IPSEC VPN in area 34
I created an IPv4 IPSEC VPN between R3 and R4. This is IPv4.

show crypto map

Show crypto map interface …
show crypto session

show crypto session detail

Show crypto ipsec sa interface …

– non-interesting traffic does not bring the VPN up. To prove that, we did a debug of ipsec on R3, and we issued a ping from a non interesting interface on R4:

Leave a Reply

Your email address will not be published. Required fields are marked *