Cisco Cisco 4G LTE Enhanced High-Speed WAN Interface Cards for Europe
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 31 of 63
!
crypto isakmp policy 1
encr 3des
authentication pre-share
!
!defines the IKE policy (with priority 1), specifies 3DES during IKE negotiation,
and
and
!authentication as pre-shared, using pre-defined keys. The values for lifetime
(set to
(set to
!86,400 sec – one day), group (set to 768 bit Diffie-Hellman), and Hash (set to
SHA-1)
SHA-1)
!are set to their default values.
!
!
crypto isakmp key mykey address 20.20.241.234
!
!defines the key (mykey) and the IP address of the gateway
! (IPsec peer) with which the Security Association will be set
!
crypto ipsec transform-set mytransformset ah-sha-hmac esp-3des
!
!defines the transform set (mytransformset), which is an acceptable combination
of
of
!security protocols, algorithms, and other settings to apply to IPsec-protected
!traffic.
!traffic.
!
crypto map lte 10 ipsec-isakmp
set peer 20.20.241.234
set transform-set mytransformset
match address 101
!defines the crypto map lte
!crypto map specifies the traffic to be protected (using match address !<access-
list> !command); the peer end-point to be used, and the !transform set to use
!(mytransformset, defined earlier).
list> !command); the peer end-point to be used, and the !transform set to use
!(mytransformset, defined earlier).
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/1/0
switchport access vlan 104