Site-to-Site IPsec VPN
The five steps in the life of an IPsec VPN are as follows:
Step 2 : IKE phase 1.
Step 3 : IKE phase 2.
Step 4 : Secure data transfer.
Step 5 : IPsec tunnel termination.
There are five parameters that must be coordinated during IKE phase 1:
i) IKE encryption algorithm (DES, 3DES, or AES)
ii) IKE authentication algorithm (MD5 or SHA-1)
iii) IKE key (pre-shared key, RSA signatures, nonces)
iv) Diffie-Hellman group (1, 2, or 5)
v) IKE tunnel lifetime (time and/or byte count)
Five parameters must be coordinated between IPsec peers during quick mode (IKE phase 2):
i) IPsec protocol (ESP or AH)
ii) IPsec encryption type (DES, 3DES, or AES)
iii) IPsec authentication (MD5 or SHA-1)
iv) IPsec mode (tunnel or transport)
v) IPsec SA lifetime (seconds or kilobytes)
Site-to-Site IPsec Configuration Steps :
Step 1 : Configure the ISAKMP policy (IKE phase 1).
Step 2 : Configure the IPsec transform sets (IKE phase 2, tunnel termination).
Step 3 : Configure the crypto ACL (interesting traffic, secure data transfer).
Step 4 : Configure the crypto map (IKE phase 2).
Step 5 : Apply the crypto map to interface (IKE phase 2).
Step 6 : Configure the interface ACL.
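
The six configuration steps above, sketched for one peer as an added example that is not part of the original page. It assumes Cisco IOS syntax and picks AES, SHA-1 and Diffie-Hellman group 5 from the options listed above; the addresses, interface, ACL, transform-set and crypto-map names are constructed, and `<PRESHARED-KEY>` is a placeholder. The remote peer needs a mirrored configuration with the same phase 1 and phase 2 parameters.

```cisco
! Step 1: ISAKMP policy (IKE phase 1) - the five phase 1 parameters
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
! Pre-shared key for the remote peer (constructed address, placeholder key)
crypto isakmp key <PRESHARED-KEY> address 203.0.113.2
!
! Step 2: IPsec transform set - ESP with AES and SHA-1 HMAC, tunnel mode
crypto ipsec transform-set TS-AES-SHA esp-aes esp-sha-hmac
 mode tunnel
!
! Step 3: crypto ACL - the interesting traffic to protect
! (must be the mirror image of the crypto ACL on the remote peer)
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Step 4: crypto map - ties peer, transform set, SA lifetime and crypto ACL together
crypto map SITE-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES-SHA
 set security-association lifetime seconds 3600
 match address VPN-TRAFFIC
!
! Step 6: interface ACL - let IKE (UDP 500) and ESP from the peer reach this router
! Other inbound traffic the site needs must be permitted here as well.
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.2 host 203.0.113.1 eq isakmp
 permit esp host 203.0.113.2 host 203.0.113.1
!
! Step 5: apply the crypto map (and the interface ACL) to the outside interface
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map SITE-MAP
 ip access-group OUTSIDE-IN in
```

If the tunnel does not come up, compare the ISAKMP policy, transform set and crypto ACL on both peers first: a mismatch in any of the coordinated parameters prevents the SAs from being established.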