Chapter Summary

The following list summarizes what you learned in this chapter:

  • Cisco supports the following IPSec standards: AH, ESP, DES, 3DES, MD5, SHA, RSA signatures, IKE (also known as ISAKMP), DH, and CAs.

  • There are five steps to IPSec: identifying interesting traffic, IKE phase 1, IKE phase 2, IPSec encrypted traffic, and tunnel termination.

  • IPSec SAs consist of a destination address, SPI, IPSec transform, mode, and SA lifetime value.

  • Define the detailed crypto IKE and IPSec policy before you begin configuration.

  • Ensure that router ACLs permit IPSec traffic.

  • IKE policies define the set of parameters used during IKE negotiation.

  • Transform sets determine IPSec transform and mode.

  • Crypto ACLs determine the traffic to be encrypted.

  • Use show and ...
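
The configuration bullets above (IKE policy, transform set, crypto ACL, and router ACLs that permit IPSec traffic) fit together as in the following IOS configuration. This is an added example, not taken from the book. The addresses, ACL numbers, the names SITE-TS and SITE-MAP, the interface, and the choice of pre-shared-key authentication are assumptions, and the key is a placeholder.

```cisco
! Constructed example: documentation addresses, hypothetical names.
! Local peer 192.0.2.1, remote peer 192.0.2.2.
! Protected networks: 10.0.1.0/24 (local) and 10.0.2.0/24 (remote).
!
! IKE phase 1: policy parameters offered during IKE negotiation.
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
 lifetime 86400
! Placeholder key; pre-shared keys are an assumption of this example.
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
! IKE phase 2: the transform set fixes the IPSec transform and the mode.
crypto ipsec transform-set SITE-TS esp-3des esp-sha-hmac
 mode tunnel
!
! Crypto ACL: "permit" marks the interesting traffic to be encrypted.
! The remote peer needs the mirror image of this entry.
access-list 110 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
!
! The crypto map binds peer, transform set, crypto ACL and SA lifetime.
crypto map SITE-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set SITE-TS
 match address 110
 set security-association lifetime seconds 3600
!
! Interface ACL: let IKE (UDP 500), ESP (protocol 50) and AH (protocol 51)
! from the peer through, otherwise negotiation or the tunnel fails silently.
access-list 102 permit ahp host 192.0.2.2 host 192.0.2.1
access-list 102 permit esp host 192.0.2.2 host 192.0.2.1
access-list 102 permit udp host 192.0.2.2 host 192.0.2.1 eq isakmp
! Some IOS releases re-check the inbound ACL after decryption; on those,
! also permit the decrypted 10.0.2.0/24 to 10.0.1.0/24 traffic.
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 102 in
 crypto map SITE-MAP
```

Both peers must hold a matching IKE policy and a compatible transform set, and each crypto ACL must mirror the other, or the SAs will not be established.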
