Documente Academic
Documente Profesional
Documente Cultură
1.All device console username:591lab,password:591lab
2.Hardware Requirements: i7 and 16GB RAM
3.Attention to experiment environment and document device interface
4. Server is running version Server 2008 R2 password:CCie123
5.ISE:username:admin,password:Cisc0123
6.Some options and effects may be inconsistent, because this is a new version
7. This is in unl experiment environment,Lab Guide Using the ESXi.
8.AD server version server 2008 R2 username:admin,password:CCie123
9.unl admin:root,password:unl,web admin:admin,password:unl.
Cisco Flex VPN
Spoke‐1#
crypto ikev2 proposal site1
encryption 3des
integrity sha1
group 2
crypto ipsec transform‐set Trans esp‐3des esp‐sha‐hmac
crypto ikev2 keyring S2S‐KEYRING
peer Spoke‐2
address 209.1.2.2
pre‐shared‐key local cisco123
pre‐shared‐key remote 123cisco
crypto ikev2 profile S2S‐PROFILE
match identity remote address 209.1.2.2 255.255.255.255
authentication remote pre‐share
authentication local pre‐share
keyring local S2S‐KEYRING
crypto ipsec profile default
set ikev2‐profile S2S‐PROFILE
interface Tunnel10
ip address 10.50.1.1 255.255.255.252
tunnel source Ethernet0/2
tunnel destination 209.1.2.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile default
ip route 172.16.0.0 255.255.0.0 tunnel 10
Spoke‐2#
crypto ikev2 proposal site1
encryption 3des
integrity sha1
group 2
crypto ipsec transform‐set Trans esp‐3des esp‐sha‐hmac
crypto ikev2 keyring S2S‐KEYRING
peer Spoke‐2
address 209.1.1.2
pre‐shared‐key local 123cisco
pre‐shared‐key remote cisco123
crypto ikev2 profile S2S‐PROFILE
match identity remote address 209.1.1.2 255.255.255.255
authentication remote pre‐share
authentication local pre‐share
keyring local S2S‐KEYRING
crypto ipsec profile default
set ikev2‐profile S2S‐PROFILE
interface Tunnel10
ip address 10.50.1.2 255.255.255.252
tunnel source Ethernet0/2
tunnel destination 209.1.1.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile default
ip route 172.16.0.0 255.255.0.0 tunnel 10
Test:
Spk‐1‐Host#ping 172.16.2.2
Spk‐2‐Host#ping 172.16.1.2
Spoke‐1/Spoke‐2
show crypto engine connections active
show crypto ikev2 session detail
show crypto ikev2 stats
show crypto ipsec sa