Smart Defaults:
o The FlexVPN configuration can be minimized using the IKEv2 Smart Defaults.
o These specify default values for all components except IKEv2 Profile & Keyring.
o The Smart defaults configuration can be modified as per your requirements.
o The Smart Defaults can be displayed with the command “show running-config all”.
o The default configuration can be disabled by using “no” before the command.
o The default mode for the default transform set is “Transport” mode.
o For all other transform sets, the default mode is “Tunnel” mode.
Show Command                                          Description
R# show crypto ipsec transform-set default            Display default setting of Transform Set
R# show crypto ipsec profile default                  Display default setting of IPSec Profile
R# show crypto ikev2 proposal default                 Display default IKEv2 Proposal
R# show crypto ikev2 policy default                   Display default IKEv2 Policy
R# show crypto ikev2 authorization policy default     Display default IKEv2 Authorization Policy
Static Routing
R1(config)#ip route 2.2.2.2 255.255.255.255 tunnel0
R2(config)#ip route 1.1.1.1 255.255.255.255 tunnel0
R1 to R4 SVTI Configuration
R1(config)#crypto ikev2 proposal pro1
R1(config-ikev2-proposal)#encryption 3des
R1(config-ikev2-proposal)#integrity md5
R1(config-ikev2-proposal)#group 2
R1(config)#crypto ikev2 policy pol1
R1(config-ikev2-policy)#proposal pro1
R1(config)#crypto ikev2 keyring key1
R1(config-ikev2-keyring)#peer R4
R1(config-ikev2-keyring-peer)#address 11.11.11.4
R1(config-ikev2-keyring-peer)#pre-shared-key local cisco
R1(config-ikev2-keyring-peer)#pre-shared-key remote cisco
R1(config)#crypto ikev2 profile prof1
R1(config-ikev2-profile)#match identity remote address 11.11.11.4 255.255.255.255
R1(config-ikev2-profile)#identity local address 11.11.11.1
R1(config-ikev2-profile)#authentication local pre-share
R1(config-ikev2-profile)#authentication remote pre-share
R1(config-ikev2-profile)#keyring local key1
R1(config)#crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac
R1(config)#crypto ipsec profile ipprof1
R1(ipsec-profile)#set transform-set TSET
R1(ipsec-profile)#set ikev2-profile prof1
R1(config)#interface tunnel 1
R1(config-if)#ip unnumbered loopback 4
R1(config-if)#tunnel source f1/0
R1(config-if)#tunnel mode ipsec ipv4
R1(config-if)#tunnel destination 11.11.11.4
R1(config-if)#tunnel protection ipsec profile ipprof1
R1(config)#router eigrp 1
R1(config-router)#network 192.168.1.0
R1(config-router)#network 10.10.1.0 0.0.0.255
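
An added example (not part of the original document): a small Python check that reads an IOS configuration or CLI transcript and reports IKEv2 proposals that use 3DES, MD5 or DH groups 1, 2 and 5, as proposal pro1 above does. The weak-algorithm list, the function name audit_ikev2_proposals and the contrast proposal strong1 are assumptions made for illustration.

```python
import re

# Algorithms treated as weak here (assumption: DES/3DES, MD5 and DH groups
# 1, 2 and 5 are the ones to avoid; adjust to your own crypto policy).
WEAK = {
    "encryption": {"des", "3des"},
    "integrity": {"md5"},
    "group": {"1", "2", "5"},
}

PROMPT = re.compile(r"^\S+\([^)]*\)#\s*")  # e.g. "R1(config-ikev2-proposal)#"

def audit_ikev2_proposals(text):
    """Return sorted (proposal, keyword, value) tuples for weak settings."""
    findings = set()
    proposal = None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        words = line.split()
        if not words:
            continue
        if words[:3] == ["crypto", "ikev2", "proposal"] and len(words) == 4:
            proposal = words[3]
        elif proposal and words[0] in WEAK:
            # A proposal line may list several values, e.g. "group 2 14".
            for value in words[1:]:
                if value.lower() in WEAK[words[0]]:
                    findings.add((proposal, words[0], value.lower()))
        else:
            proposal = None  # any other command leaves proposal mode
    return sorted(findings)

# Constructed input: the proposal from this page plus a stronger one for contrast.
SAMPLE = """\
R1(config)#crypto ikev2 proposal pro1
R1(config-ikev2-proposal)#encryption 3des
R1(config-ikev2-proposal)#integrity md5
R1(config-ikev2-proposal)#group 2
R1(config)#crypto ikev2 proposal strong1
R1(config-ikev2-proposal)#encryption aes-cbc-256
R1(config-ikev2-proposal)#integrity sha256
R1(config-ikev2-proposal)#group 14
R1(config)#crypto ikev2 policy pol1
R1(config-ikev2-policy)#proposal pro1
"""

if __name__ == "__main__":
    for name, keyword, value in audit_ikev2_proposals(SAMPLE):
        print(f"proposal {name}: weak {keyword} '{value}'")
```

The same function accepts “show running-config” output, since indented lines without a prompt are parsed the same way.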