Crypto protocol list

Comment

Author: Admin | 2025-04-28

Feature is disabled by default. Enable it only when necessary.

Procedure

Enable per-packet routing lookups for the IPsec inner packets.

    [no] [crypto] ipsec inner-routing-lookup

Note: This command, when configured, is only applicable for non-VTI based tunnels.

Example

    ciscoasa(config)# crypto ipsec inner-routing-lookup
    ciscoasa(config)# show run crypto ipsec
    crypto ipsec ikev2 ipsec-proposal GCM
     protocol esp encryption aes-gcm
     protocol esp integrity null
    crypto ipsec inner-routing-lookup

Create Static Crypto Maps

To create a basic IPsec configuration using a static crypto map, perform the following steps:

Procedure

Step 1. To create an ACL to define the traffic to protect, enter the following command:

    access-list access-list-name {deny | permit} ip source source-netmask destination destination-netmask

The access-list-name specifies the ACL ID, as a string or integer up to 241 characters in length. The destination-netmask and source-netmask specify an IPv4 network address and subnet mask. In this example, the permit keyword causes all traffic that matches the specified conditions to be protected by crypto.

Example:

    hostname(config)# access-list 101 permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0

Step 2. To configure an IKEv1 transform set that defines how to protect the traffic, enter the following command:

    crypto ipsec ikev1 transform-set transform-set-name encryption [authentication]

Encryption specifies which encryption method protects IPsec data flows:

    esp-aes—Uses AES with a 128-bit key.
    esp-aes-192—Uses AES with a 192-bit key.
    esp-aes-256—Uses AES with a 256-bit key.
    esp-null—No encryption.

Authentication specifies which authentication method protects IPsec data flows:

    esp-sha-hmac—Uses the SHA/HMAC-160 as the hash algorithm.
    esp-none—No HMAC authentication.

Example: In this example, myset1 and myset2 and aes_set are
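The Step 2 keyword lists can be turned into a configuration check. The following is an added example, not part of the original page or of Cisco's documentation: it scans saved configuration text for IKEv1 transform sets and reports those using esp-null, esp-none, or no authentication keyword. The transform-set names and the sample configuration are constructed for illustration, and keywords outside the lists in Step 2 are reported as unrecognized rather than judged.

```python
import re

# Keywords exactly as listed in Step 2 of the page (value = AES key bits, 0 = none).
ENCRYPTION = {"esp-aes": 128, "esp-aes-192": 192, "esp-aes-256": 256, "esp-null": 0}
AUTHENTICATION = {"esp-sha-hmac", "esp-none"}

LINE_RE = re.compile(
    r"^(?:\S+\(config[^)]*\)#\s*)?"  # optional CLI prompt such as hostname(config)#
    r"crypto ipsec ikev1 transform-set\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$"
)

def audit_transform_sets(config_text):
    """Return {set_name: [findings]} for every IKEv1 transform set in the text."""
    report = {}
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # IKEv2 proposals and unrelated lines are out of scope here
        name, enc, auth = m.groups()
        findings = []
        if enc not in ENCRYPTION:
            findings.append(f"unrecognized encryption keyword {enc!r}")
        elif ENCRYPTION[enc] == 0:
            findings.append("esp-null: traffic is not encrypted")
        if auth is None:
            findings.append("no authentication keyword given")
        elif auth not in AUTHENTICATION:
            findings.append(f"unrecognized authentication keyword {auth!r}")
        elif auth == "esp-none":
            findings.append("esp-none: no HMAC authentication")
        report[name] = findings
    return report

# Constructed sample input; the lab_* names are hypothetical.
SAMPLE = """\
hostname(config)# crypto ipsec ikev1 transform-set lab_strong esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set lab_nullenc esp-null esp-sha-hmac
crypto ipsec ikev1 transform-set lab_noauth esp-aes esp-none
crypto ipsec ikev1 transform-set lab_bare esp-aes-192
crypto ipsec ikev2 ipsec-proposal GCM
 protocol esp encryption aes-gcm
 protocol esp integrity null
"""

if __name__ == "__main__":
    for set_name, issues in audit_transform_sets(SAMPLE).items():
        print(set_name, "OK" if not issues else "; ".join(issues))
```

The IKEv2 proposal in the sample is skipped on purpose: the check covers only the IKEv1 transform-set syntax shown in Step 2.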
