X hits on this document

PDF document

Cisco AVVID Network Infrastructure IP Multicast Design - page 68 / 98

244 views

0 shares

0 downloads

0 comments

68 / 98

Chapter 6

IP Multicast in a Site-to-Site VPN

VPN Deployment Model

VPN Deployment Model

This section describes the Site-to-Site VPN configuration that is used as the foundation for delivering IP multicast. The following topics are discussed:

IKE Configuration IPSec Transform and Protocol Configuration Access List Configuration for Encryption Crypto Map Configuration Applying Crypto Maps Static Route Configuration Figure 6-3 provides a reference for the configuration of both the VPN and the IP multicast deployment.

Figure 6-3

Example VPN Deployment

Branch

VPN

Internet

Firewall

Corporate

Branch

Primary Secondary

VPN

87044

IKE Configuration

There must be at least one matching Internet Key Exchange (IKE) policy between two potential IPSec peers. The example configuration below shows a policy using pre-shared keys with 3DES as the encryption transform. There is a default IKE policy that contains the default values for the transform, hash method, Diffie-Helman group, authentication and lifetime parameters. This is the lowest priority IKE policy.

When using pre-shared keys, Cisco recommends that wildcard keys not be used. Instead, the example shows two keys configured for two separate IPSec peers. The keys should be carefully chosen; “cisco” is used only as an example. The use of alpha-numeric and punctuation characters as keys is recommended.

The IKE configurations shown below are all the same for each device, with the exception of the unique IP address used for each router.

Cisco AVVID Network Infrastructure IP Multicast Design

6-4

956651

Document info
Document views244
Page views244
Page last viewedFri Dec 09 12:31:19 UTC 2016
Pages98
Paragraphs2650
Words25637

Comments