Configure Router1 using the following commands in the CLI environment.

Enable IPsec:
Router(config)#crypto isakmp enable

Set a new policy with number 1:
Router(config)#crypto isakmp policy 1

Use the shared-key authentication method (if using certificates, use rsa-sig instead of pre-share):
Router(config-isakmp)#authentication pre-share

Use symmetric encryption AES:
Router(config-isakmp)#encryption aes

Use hash algorithm SHA for data integrity:
Router(config-isakmp)#hash sha

Use Diffie-Hellman group 2:
Router(config-isakmp)#group 2

Set the key that will be used with the next site. The next site's IP address is 11.0.0.1. Note that in Packet Tracer you use 0.0.0.0 instead of the subnet mask:
Router(config)#crypto isakmp key 0 address 11.0.0.1 0.0.0.0

Set a transform-set called yasser. ESP is the protocol that will be used; you can use AH on an internal VPN:
Router(config)#crypto ipsec transform-set yasser esp-aes esp-sha-hmac

Create an ACL called ramzy to tell which traffic will use the VPN tunnel:
Router(config)#ip access-list extended ramzy

Keys expire after 86400 seconds:
Router(config)#crypto ipsec security-association lifetime seconds 86400
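
The following Python check is an added example, not part of the original page. It reads the commands from this walkthrough and reports the IKE and IPsec parameters a reviewer would revisit before using the same settings outside a lab. The function name, the 2048-bit Diffie-Hellman floor, and the treatment of MD5, SHA-1, DES and 3DES as legacy are assumptions of this example.

```python
# Constructed sample: the commands from this page, prompts stripped and the
# policy sub-commands grouped under "crypto isakmp policy 1".
PAGE_CONFIG = """\
crypto isakmp enable
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 2
crypto isakmp key 0 address 11.0.0.1 0.0.0.0
crypto ipsec transform-set yasser esp-aes esp-sha-hmac
ip access-list extended ramzy
crypto ipsec security-association lifetime seconds 86400
"""

MODP_BITS = {"1": 768, "2": 1024, "5": 1536}   # IKE DH group -> modulus size
LEGACY = {"md5": "MD5", "sha": "SHA-1", "des": "DES", "3des": "3DES",
          "esp-md5-hmac": "HMAC-MD5", "esp-sha-hmac": "HMAC-SHA-1",
          "esp-des": "DES", "esp-3des": "3DES"}

def audit(config):
    """Return (command, finding) pairs for settings a reviewer should revisit."""
    out = []
    for line in (raw.strip() for raw in config.splitlines()):
        tok = line.split()
        if len(tok) < 2:
            continue
        if tok[0] == "group" and tok[1] in MODP_BITS:
            out.append((line, f"DH modulus is {MODP_BITS[tok[1]]} bits, below 2048"))
        elif tok[0] in ("hash", "encryption") and tok[1] in LEGACY:
            out.append((line, f"IKE uses legacy {LEGACY[tok[1]]}"))
        elif tok[:3] == ["crypto", "isakmp", "key"] and "address" in tok[:-1]:
            if tok[tok.index("address") + 1] == "0.0.0.0":
                out.append((line, "pre-shared key is accepted from any peer address"))
        elif tok[:3] == ["crypto", "ipsec", "transform-set"]:
            transforms = tok[4:]
            out += [(line, f"ESP uses legacy {LEGACY[t]}") for t in transforms if t in LEGACY]
            if not any(t.startswith("esp-") and not t.endswith("-hmac")
                       and t != "esp-null" for t in transforms):
                out.append((line, "no ESP cipher: packets are authenticated, not encrypted"))
    return out

if __name__ == "__main__":
    for command, finding in audit(PAGE_CONFIG):
        print(f"{command!r}: {finding}")
```

An AH-only transform-set, which the page mentions as an option for an internal VPN, is reported as authenticated but not encrypted.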