X hits on this document

PDF document

Cisco AVVID Network Infrastructure IP Multicast Design - page 72 / 98

228 views

0 shares

0 downloads

0 comments

72 / 98

Chapter 6

IP Multicast in a Site-to-Site VPN

VPN Deployment Model

Crypto Map Configuration

The crypto map entry ties together the IPSec peers, the transform set used, and the access list used to define the traffic to be encrypted. The crypto map entries are evaluated sequentially.

In the example below, the crypto map name “static-map” and crypto map numbers (for example, “1” and “2”) are locally significant only. The first statement sets the IP address used by this peer to identify itself to other IPSec peers in this crypto map. This address must match the set peer statement in the remote IPSec peers' crypto map entries. This address must also match the address used with any preshared keys the remote peers might have configured. The IPSec mode defaults to tunnel mode.

Head-End

Following is the crypto map configuration for VPN-HE-1.

interface FastEthernet0/1

description to ISP for VPN ip address 131.108.1.1 255.255.255.252 ! crypto map static-map local-address FastEthernet0/1 ! crypto map static-map 1 ipsec-isakmp

set peer 131.108.101.1 set transform-set strong match address toBranch1

crypto map static-map 2 ipsec-isakmp set peer 131.108.102.1 set transform-set strong match address toBranch2

Following is the crypto map configuration for VPN-HE-2.

interface FastEthernet0/1 description to ISP for VPN ip address 131.108.1.5 255.255.255.252 ! crypto map static-map local-address FastEthernet0/1 ! crypto map static-map 1 ipsec-isakmp set peer 131.108.102.1 set transform-set strong match address toBranch2 crypto map static-map 2 ipsec-isakmp set peer 131.108.101.1 set transform-set strong match address toBranch1

Cisco AVVID Network Infrastructure IP Multicast Design

6-8

956651

Document info
Document views228
Page views228
Page last viewedThu Dec 08 00:27:33 UTC 2016
Pages98
Paragraphs2650
Words25637

Comments