Planning for IKE and IPSec

The most important part of any IPSec implementation comes in the planning stage. You should define all parameters and policies on paper. You must know the IPSec gateways and the Phase 1 and Phase 2 parameters to use, define what counts as interesting traffic, and define which interfaces IPSec will be applied to.

The goal is to minimize misconfiguration when you enter the actual implementation commands on your router.

A typical security policy would identify items such as those in Table 8.1.

Table 8.1. IPSec Peer Policies
Policy               R1 Configuration    R2 Configuration
Protected networks   30.1.1.0/24         30.2.2.0/24
Transport used       TCP                 TCP
IPSec policy         ESP-DES, AH-MD5     ESP-DES, AH-MD5
IPSec interface      S0/0                S0/0
Peer hostname        R2                  R1
DH ...
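
The planning step above can be checked mechanically before any router command is entered. The following is an added example, not code from the book: it cross-checks the two peer columns using only the rows visible in Table 8.1. The names PeerPlan and check_pair, and the interesting field holding each side's (source, destination) pair, are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class PeerPlan:
    hostname: str
    protected_network: str
    transport: str
    ipsec_policy: frozenset
    interface: str
    peer_hostname: str
    interesting: tuple  # (source, destination); assumed field, not a Table 8.1 row


def check_pair(a, b):
    """Return planning errors for two peers; an empty list means the plans agree."""
    errors = []
    if (a.peer_hostname, b.peer_hostname) != (b.hostname, a.hostname):
        errors.append("peer hostnames do not point at each other")
    if a.ipsec_policy != b.ipsec_policy:
        odd = ", ".join(sorted(a.ipsec_policy ^ b.ipsec_policy))
        errors.append(f"IPSec policy mismatch: {odd}")
    if a.transport != b.transport:
        errors.append("transport mismatch")
    net_a, net_b = ip_network(a.protected_network), ip_network(b.protected_network)
    if net_a.overlaps(net_b):
        errors.append(f"protected networks overlap: {net_a}, {net_b}")
    src_a, dst_a = map(ip_network, a.interesting)
    src_b, dst_b = map(ip_network, b.interesting)
    # Each side's interesting traffic must start at its own protected network.
    for plan, src, net in ((a, src_a, net_a), (b, src_b, net_b)):
        if src != net:
            errors.append(f"{plan.hostname}: interesting source {src} is not {net}")
    # One side's (source, destination) must be the other's reversed.
    if (src_a, dst_a) != (dst_b, src_b):
        errors.append("interesting traffic is not mirrored between peers")
    return errors


# Values from Table 8.1; the interesting-traffic pairs are constructed.
TRANSFORMS = frozenset({"ESP-DES", "AH-MD5"})
R1 = PeerPlan("R1", "30.1.1.0/24", "TCP", TRANSFORMS, "S0/0", "R2",
              ("30.1.1.0/24", "30.2.2.0/24"))
R2 = PeerPlan("R2", "30.2.2.0/24", "TCP", TRANSFORMS, "S0/0", "R1",
              ("30.2.2.0/24", "30.1.1.0/24"))
# Constructed faulty plan: one transform dropped, wrong destination network.
R2_BAD = PeerPlan("R2", "30.2.2.0/24", "TCP", frozenset({"ESP-DES"}), "S0/0", "R1",
                  ("30.2.2.0/24", "30.1.0.0/24"))

if __name__ == "__main__":
    print(check_pair(R1, R2))
    for problem in check_pair(R1, R2_BAD):
        print("plan error:", problem)
```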
