Site to site IKEv2 tunnel

Posted on by clucas

Hello guys,

Here it is a tips / reminder how to implement an site-ot-site IKEv2 tunnel :

crypto ikev2 proposal aes-cbc-256-proposal 
 encryption aes-cbc-256
 integrity sha1
 group 2
crypto ikev2 policy policy1 
 match address local x.x.x.x
 proposal aes-cbc-256-proposal
crypto ikev2 keyring v2-kr1
 peer abc
  address y.y.y.y
  pre-shared-key somesecretpass
 !
crypto ikev2 profile profile1
 description IKEv2 profile
 match address local x.x.x.x
 match identity remote address y.y.y.y 255.255.255.255 
 authentication local pre-share
 authentication remote pre-share
 keyring v2-kr1

crypto ipsec transform-set myset esp-des esp-md5-hmac 

crypto map mymap 20 ipsec-isakmp 
 set peer y.y.y.y
 set security-association lifetime seconds 27000
 set transform-set ESP-AES-SHA 
 set ikev2-profile profile1
 match address 120

With ACL 120 is your flows / SA and your implement your crypto map on your WAN interface.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.