Defining IKE Phase 2 (IPSec) Policy

Once you have defined your IKE Phase 1 policy, you next identify your IKE Phase 2 (IPSec) policy. Again, first write down exactly what the policy should look like, as in Table 8.4.

Table 8.4. IKE Phase 2 Configuration Parameters
| Policy | R1 Configuration | R2 Configuration |
|---|---|---|
| Protected networks | 30.1.1.0/24 | 30.2.2.0/24 |
| Transport used | TCP | TCP |
| IPSec policy | ESP-DES, AH-MD5 | ESP-DES, AH-MD5 |
| IPSec interface | S0/0 | S0/0 |
| Peer hostname | R2 | R1 |
| D-H authentication | Preshared | Preshared |

Example of IKE Phase 2 (IPSec) Policy

The IKE Phase 2 policy that implements the preceding security policy on R1 would look like this:

 R1 (config)# access-list 122 permit tcp 30.1.1.0 0.0.0.255 30.2.2.0 0.0.0.255
 R1 (config)# crypto ipsec transform-set ...
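
The Phase 2 parameters of Table 8.4 written out for both peers, as an added example (not the book's own listing). The names TS-EXAMPLE and CM-EXAMPLE, the crypto map sequence number 10, and the reuse of ACL number 122 on R2 are assumptions; `set peer` by hostname assumes each router can resolve the other's name.

```cisco
! ===== R1 =====
! Crypto ACL: TCP traffic from R1's protected network to R2's
access-list 122 permit tcp 30.1.1.0 0.0.0.255 30.2.2.0 0.0.0.255
!
! Transform set per Table 8.4 (AH-MD5 + ESP-DES). These are the table's
! values; both are legacy algorithms and are kept only to match it.
crypto ipsec transform-set TS-EXAMPLE ah-md5-hmac esp-des
!
! Crypto map ties together the peer, the transform set and the crypto ACL
crypto map CM-EXAMPLE 10 ipsec-isakmp
 set peer R2
 set transform-set TS-EXAMPLE
 match address 122
!
! Bind the crypto map to the IPSec interface from the table
interface Serial0/0
 crypto map CM-EXAMPLE
!
! ===== R2 =====
! Crypto ACL is the mirror image of R1's: source and destination swapped
access-list 122 permit tcp 30.2.2.0 0.0.0.255 30.1.1.0 0.0.0.255
!
! Must offer the same transforms as R1 or Phase 2 negotiation fails
crypto ipsec transform-set TS-EXAMPLE ah-md5-hmac esp-des
!
crypto map CM-EXAMPLE 10 ipsec-isakmp
 set peer R1
 set transform-set TS-EXAMPLE
 match address 122
!
interface Serial0/0
 crypto map CM-EXAMPLE
```

On each router, `show crypto map` lists the bound ACL, peer and transform set, and `show crypto ipsec sa` shows whether security associations have formed for the protected networks.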
