I.
Syntax:
FW(config-t)# isakmp policy <policy number> authentication <preshared/RSASignature>
II.
Syntax:
FW(config-t)# isakmp policy <policy number> encryption <DES/3DES/AES>
III.
IV.
Syntax:
FW(config-t)# isakmp policy <policy number> hash <SHA-1-HMAC/MD5-HMAC>
V.
Enable ISAKMP
ISAKMP - Internet Security and Key Management Protocol
Syntax:
FW(config-t)# isakmp identity address (If we use RSA-Signature in Authentication)
FW(config-t)# isakmp key <pre-shared key> <ip address> netmask <Netmask>
IP address - outside IP address of the other end.
Verify the configuration with
Show isakmp
Show isakmp policy
Step 3: Configuring IPSec (phase-2)
I.
Syntax:
FW(config-t)# access-list <access-list number> permit ip <ipaddress1> <Netmask1> <ipaddress2> <Netmask2>
ipaddress1 - LAN segment from our side
Netmask1 - Netmask of ipaddress1
ipaddress2 - LAN segment of the other side
Netmask2 - Netmask of ipaddress2
II.
Syntax:
FW(config-t)# crypto ipsec transform-set <set-name> <esp-des/3des/aes> {esp-<md5/sha-1>-hmac}
III.
Syntax:
FW(config-t)# crypto map <Number> ipsec-isakmp
Number - the policy number which we have given in step 2
FW(config-t)# crypto map <Number> match address <Access list number>
Access list number - the number in step 3.1
FW(config-t)# crypto map <Number> transform-set <set-name>
set-name - the name given in step 3.2
FW(config-t)# crypto map <Number> set peer <Ip address>
Ip address - outside IP address of the other end.
V.
Apply crypto map set to outside interface.
Syntax:
FW(config-t)# crypto map interface outside
VI.
Example:
[Network diagram: FW1 (Inside, Outside) - Internet - FW2 (Outside, Inside 10.5.6.1) - LAN 2 10.5.6.0/2]
FW1:
# isakmp policy 123 authentication pre-share
# isakmp policy 123 encryption 3des
# isakmp policy 123 group 2
# isakmp policy 123 hash md5-hmac
# isakmp enable outside
# isakmp key ABCDEFG 14.15.16.17 255.255.255.0
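A small audit of the FW1 phase-1 lines above, added here as an example and not part of the original document: it groups the `isakmp policy` lines by policy number and flags values a current baseline would reject. The weak-value table, the 20-character key minimum and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Assumed baseline for this example (not from the page): values treated as weak.
WEAK = {
    "encryption": {"des": "56-bit key", "3des": "64-bit block cipher, deprecated"},
    "hash": {"md5": "MD5 is deprecated", "md5-hmac": "MD5 is deprecated"},
    "group": {"1": "768-bit DH modulus", "2": "1024-bit DH modulus"},
}
MIN_PSK_LEN = 20  # assumed minimum pre-shared key length
POLICY_RE = re.compile(r"isakmp policy (\d+) (\S+) (\S+)", re.I)
KEY_RE = re.compile(r"isakmp key (\S+) (?:address )?(\S+)", re.I)

# The FW1 lines from the example above, used as sample input.
FW1 = """\
# isakmp policy 123 authentication pre-share
# isakmp policy 123 encryption 3des
# isakmp policy 123 group 2
# isakmp policy 123 hash md5-hmac
# isakmp enable outside
# isakmp key ABCDEFG 14.15.16.17 255.255.255.0
"""

def parse(config):
    """Group policy lines by policy number; record (peer, key length) per key line."""
    policies, keys = defaultdict(dict), []
    for raw in config.splitlines():
        line = raw.strip().lstrip("#").strip()
        if m := POLICY_RE.fullmatch(line):
            policies[int(m[1])][m[2].lower()] = m[3].lower()
        elif m := KEY_RE.match(line):
            keys.append((m[2], len(m[1])))  # keep the length only, never the key
    return dict(policies), keys

def audit(config):
    """Return findings for weak, missing, or short phase-1 parameters."""
    policies, keys = parse(config)
    findings = []
    for num, attrs in sorted(policies.items()):
        for attr in ("authentication", "encryption", "group", "hash"):
            value = attrs.get(attr)
            if value is None:
                findings.append(f"policy {num}: {attr} not set, platform default applies")
            elif value in WEAK.get(attr, {}):
                findings.append(f"policy {num}: {attr} {value} ({WEAK[attr][value]})")
    findings += [f"peer {p}: pre-shared key has {n} characters, under {MIN_PSK_LEN}"
                 for p, n in keys if n < MIN_PSK_LEN]
    return findings
print("\n".join(audit(FW1)))
```

Both tunnel ends have to be audited and changed together, since phase 1 only completes when the peers share a matching policy.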
LAN1 172.23.9.0/
C:\>ping 10.128.6.100
alarms to check, reset the modem, which alarm light, which LED off and on
can be local contact.