Start with a Plan

The first thing to plan is what protocols to use for IKE Phase 1 and IKE Phase 2 and to identify which traffic should be encrypted.

From the earlier topology, let’s agree to encrypt any traffic from the 10.0.0.0/24 network behind R1 that is destined for 172.16.0.0/24 behind R2, and likewise the return traffic from 172.16.0.0/24 to 10.0.0.0/24.

For IKE Phase 1, let’s use the following:

H: For hashing, we can use MD5 (128 bits) or SHA-1 (160 bits). Let’s go for MD5 for IKE Phase 1.

A: Authentication. We can use PSKs or digital certificates. Let’s start off with PSKs (a password really) for authentication.

G: For DH group, we can use 1, 2, or 5 on most routers. Let’s use group 2 in this example. If your router supports ...
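As an added illustration that is not part of the book, here is the plan so far expressed as Cisco IOS configuration on R1: the IKE Phase 1 policy with MD5, pre-shared-key authentication and DH group 2, plus the crypto ACL that names the interesting traffic. The peer address 203.0.113.2 and the key string are assumed placeholders, and encryption and lifetime are left at their defaults because the excerpt does not choose them.

```cisco
! IKE Phase 1 (ISAKMP) policy on R1 following the plan above:
! hash MD5, pre-shared-key authentication, DH group 2.
! Encryption and lifetime are not chosen in the excerpt, so they are
! left at their IOS defaults here rather than invented.
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
!
! Pre-shared key bound to R2's peer address.
! 203.0.113.2 and the key string are assumed placeholders, not from the book.
crypto isakmp key PLACEHOLDER-PSK address 203.0.113.2
!
! Interesting traffic: 10.0.0.0/24 behind R1 going to 172.16.0.0/24 behind R2.
! R2 uses a mirror-image ACL with source and destination swapped.
ip access-list extended VPN-TRAFFIC
 permit ip 10.0.0.0 0.0.0.255 172.16.0.0 0.0.0.255
!
! Verification from exec mode: shows the policy R1 will offer its peer,
! so you can confirm it matches R2 before bringing up the tunnel.
! show crypto isakmp policy
```

These values follow the page's plan; current IOS releases treat MD5 and group 2 as legacy choices and may print a weak-crypto warning when they are configured.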
