- In part 1 I laid out the general configuration that I will be disusing through this series of posts.
- In Part 2 I discussed ISAKMP polices.
- Part 3 I discussed Transform-sets
- Part 3 I will wrap it up and go over the last parts.
As we are using a pre-shared key we need to define that. in practice you will want to use a much better key than vpnuser.
crypto isakmp key vpnuser address 172.16.1.1
We will be using a access-list to match on traffic we would like to go through the tunnel. Nothing extensive here just a basic ACL.
access-list 100 permit ip 172.16.2.0 0.0.0.255 10.1.1.0 0.0.0.255
One thing to note any traffic not bound to the remote end of the tunnel will not be encrypted.
Our crypto map is what will tie all of these together and be used to apply them to an interface.
crypto map mymap 10 ipsec-isakmp set peer 172.16.1.1 ! Remote end of the tunnel set transform-set myset ! using the transform set we defined earlier. match address 100 ! encrypt any traffic matching this ACL
The 10 is the priority number this would come into play if you have multiple crypto maps.
The last part is applying this map to an interface
interface FastEthernet0/1 ip address 10.0.0.2 255.255.255.0 crypto map mymap
This is the end of this multi part guide. I hope that you found this helpful. In the future I will be doing some posts about using RSA keys vs pre-shared keys.