Cisco AVVID Network Infrastructure IP Multicast Design - page 70 / 98

Chapter 6

IP Multicast in a Site-to-Site VPN

VPN Deployment Model

crypto isakmp key cisco address 131.108.1.1
crypto isakmp key cisco address 131.108.1.5

Tip

These defaults and more information can be found at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fipsencr/srfike.htm#xtocid17729

IPSec Transform and Protocol Configuration

A transform is the list of operations performed on a dataflow to provide data authentication, data confidentiality, and data compression. For example, one transform is the ESP protocol with the HMAC-MD5 authentication algorithm, another transform is the AH protocol with the 56-bit DES encryption algorithm, and yet another is the ESP protocol with the HMAC-SHA authentication algorithm.

The transform set must match on the two IPSec peers. The transform set names are locally significant only. However, the encryption transform, hash method, and the particular protocols used (ESP or AH) must match. You may also configure data compression here but it is not recommended on peers with high-speed links. There can be multiple transform sets for use between different peers. The example below shows the exact same transform set for the head-end and branch routers.

Head-End

Following is the transform configuration for the head-end routers.

crypto ipsec transform-set strong esp-3des esp-sha-hmac

Branch

Following is the transform configuration for the branch routers.

crypto ipsec transform-set strong esp-3des esp-sha-hmac

Tip

More information can be found at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fipsencr/srfipsec.htm#xtocid105784
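The matching rule above (names are local, the transforms themselves must agree) can be checked offline before a change window. The following is an added example, not part of the Cisco document: the function names, the `branch-ts` and `legacy` set names, and the sample configurations are constructed for illustration, and the script assumes the order of transform keywords on the line is not significant.

```python
import re

# Constructed sample configurations (not taken from a real device).
HEAD_END = """\
crypto isakmp key cisco address 131.108.1.1
crypto ipsec transform-set strong esp-3des esp-sha-hmac
"""
BRANCH = """\
crypto ipsec transform-set branch-ts esp-3des esp-sha-hmac
crypto ipsec transform-set legacy esp-des esp-md5-hmac
"""

# One "crypto ipsec transform-set <name> <transform> [<transform> ...]" line.
TS_RE = re.compile(
    r"^[ \t]*crypto ipsec transform-set[ \t]+(\S+)[ \t]+(.+?)[ \t]*$", re.M
)

def transform_sets(config):
    """Return {name: frozenset(transforms)} for each transform-set line.
    Transforms are compared as a set (assumption: keyword order is irrelevant)."""
    return {name: frozenset(body.split()) for name, body in TS_RE.findall(config)}

def matching_pairs(cfg_a, cfg_b):
    """Return (name_a, name_b) pairs whose transforms are identical.
    Names are ignored because they are locally significant only."""
    a, b = transform_sets(cfg_a), transform_sets(cfg_b)
    return sorted((na, nb) for na, ta in a.items()
                  for nb, tb in b.items() if ta == tb)

def unmatched(cfg_a, cfg_b):
    """Return names of transform sets in cfg_a with no equivalent in cfg_b."""
    b_sets = set(transform_sets(cfg_b).values())
    return sorted(n for n, t in transform_sets(cfg_a).items() if t not in b_sets)

if __name__ == "__main__":
    pairs = matching_pairs(HEAD_END, BRANCH)
    if not pairs:
        print("no common transform set between the two peers")
    for na, nb in pairs:
        print(f"match: head-end '{na}' <-> branch '{nb}'")
    for n in unmatched(BRANCH, HEAD_END):
        print(f"branch set '{n}' has no equivalent on the head-end")
```
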
