Cisco Systems OL-6426-02 User Manual

BETA DRAFT - CISCO CONFIDENTIAL
Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide
OL-6426-02
Chapter 6      Configuring a VPN Using Easy VPN and an IPSec Tunnel
  Configure the IPSec Crypto Method and Parameters
Perform these steps to specify the IPSec transform set and protocols, beginning in global configuration mode:

Step 1
Command or Action:
crypto ipsec transform-set transform-set-name transform1 [transform2] [transform3] [transform4]
Example:
Router(config)# crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
Router(config)#
Purpose:
Defines a transform set—an acceptable combination of IPSec security protocols and algorithms.
See the
for detail about the valid transforms and combinations.

Step 2
Command or Action:
crypto ipsec security-association lifetime {seconds seconds | kilobytes kilobytes}
Example:
Router(config)# crypto ipsec security-association lifetime seconds 86400
Router(config)#
Purpose:
Specifies global lifetime values used when IPSec security associations are negotiated.
See the
for details.

Note
With manually established security associations, there is no negotiation with the peer, and both sides must specify the same transform set.

Configure the IPSec Crypto Method and Parameters
A dynamic crypto map policy processes negotiation requests for new security associations from remote IPSec peers, even if the router does not know all the crypto map parameters (for example, IP address).
Perform these steps to configure the IPSec crypto method, beginning in global configuration mode:

Step 1
Command or Action:
crypto dynamic-map dynamic-map-name dynamic-seq-num
Example:
Router(config)# crypto dynamic-map dynmap 1
Router(config-crypto-map)#
Purpose:
Creates a dynamic crypto map entry and enters crypto map configuration mode.
See the
for more detail about this command.

Step 2
Command or Action:
set transform-set transform-set-name [transform-set-name2...transform-set-name6]
Example:
Router(config-crypto-map)# set transform-set vpn1
Router(config-crypto-map)#
Purpose:
Specifies which transform sets can be used with the crypto map entry.
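
The commands above can be checked offline before a configuration is deployed. The following Python sketch is an added example, not part of the Cisco guide: it parses the transform-set, lifetime and dynamic-map lines shown on this page, reports dynamic map entries that reference an undefined transform set, and compares a transform set across two peers as the Note requires. The LEGACY list and the name vpn2 in the sample are assumptions of this example.

```python
import re

# Transforms treated as legacy here: an assumption of this example, not a list from the guide.
LEGACY = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}

def parse_crypto(config):
    """Return (transform_sets, dynamic_maps, lifetime_seconds) from IOS config text."""
    tsets, dmaps, lifetime = {}, {}, None
    current = None  # (map name, sequence number) of the dynamic map being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            tsets[m.group(1)] = frozenset(m.group(2).split())
            current = None
        elif m := re.match(r"crypto ipsec security-association lifetime seconds (\d+)", line):
            lifetime = int(m.group(1))
            current = None
        elif m := re.match(r"crypto dynamic-map (\S+) (\d+)$", line):
            current = (m.group(1), int(m.group(2)))
            dmaps[current] = []
        elif current and (m := re.match(r"set transform-set (.+)", line)):
            dmaps[current] = m.group(1).split()
        elif line.startswith("crypto "):
            current = None  # any other crypto command ends the dynamic-map block
    return tsets, dmaps, lifetime

def audit(config):
    """List findings: undefined transform-set references and legacy transforms."""
    tsets, dmaps, _ = parse_crypto(config)
    findings = []
    for (name, seq), refs in sorted(dmaps.items()):
        for ref in refs:
            if ref not in tsets:
                findings.append(f"{name} {seq}: transform set '{ref}' is not defined")
            elif weak := sorted(tsets[ref] & LEGACY):
                findings.append(f"{name} {seq}: '{ref}' uses legacy {', '.join(weak)}")
    return findings

def same_transforms(cfg_a, cfg_b, name):
    """True if both peers define transform set `name` with identical transforms."""
    a, b = parse_crypto(cfg_a)[0].get(name), parse_crypto(cfg_b)[0].get(name)
    return a is not None and a == b

# Constructed sample built from the commands on this page; vpn2 is deliberately undefined.
SAMPLE = """\
crypto ipsec transform-set vpn1 esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dynmap 1
 set transform-set vpn1 vpn2
"""
```

Running audit(SAMPLE) reports both the legacy transform in vpn1 and the undefined reference to vpn2.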