Tim's Technology Journey Wiki

User Tools

Site Tools

Trace:
cisco:books:ccnp_300-730:ch3:000

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cisco:books:ccnp_300-730:ch3:000 [2025/08/31 03:37] Namecisco:books:ccnp_300-730:ch3:000 [2025/08/31 18:12] (current) – [Lab 000 - Configure IKEv2 Initial Configurations] Name
Line 7: Line 7:
   * Chapter 3, Router Configuration with IKEv2, page 78.   * Chapter 3, Router Configuration with IKEv2, page 78.
  
 +  * This lab provides the answers how to configure IKEv2.
   * This lab has two directly connected routers that share IKEv2's ESP-encrypted messages.   * This lab has two directly connected routers that share IKEv2's ESP-encrypted messages.
  
Line 12: Line 13:
  
  
-__r1-hub__+__r1-hub's initial configuration__
 <code>en <code>en
 conf t conf t
 +no ip domain lookup
 hostname r1-hub hostname r1-hub
 line con 0 line con 0
 +history size 256
 logg syn logg syn
 exec-timeout 0 0 exec-timeout 0 0
Line 25: Line 28:
  ip address 1.1.1.1 255.255.255.255  ip address 1.1.1.1 255.255.255.255
 ! !
-interface Ethernet0/0+interface GigabitEthernet1
  shutdown  shutdown
  ip address 12.1.1.1 255.255.255.0  ip address 12.1.1.1 255.255.255.0
Line 62: Line 65:
  match address castle-acl  match address castle-acl
 ! !
-interface Ethernet0/0+interface GigabitEthernet1
  crypto map svpn-map  crypto map svpn-map
  no shutdown  no shutdown
Line 69: Line 72:
 wr</code> wr</code>
  
-__r2-spoke__+__r2-spoke's initial configuration__
 <code>en <code>en
 conf t conf t
 +no ip domain lookup
 hostname r2-spoke hostname r2-spoke
 line con 0 line con 0
 +history size 256
 logg syn logg syn
 exec-timeout 0 0 exec-timeout 0 0
Line 82: Line 87:
  ip address 2.2.2.2 255.255.255.255  ip address 2.2.2.2 255.255.255.255
 ! !
-interface Ethernet0/0+interface GigabitEthernet1
  shutdown  shutdown
  ip address 12.1.1.2 255.255.255.0  ip address 12.1.1.2 255.255.255.0
Line 119: Line 124:
  match address castle-acl  match address castle-acl
 ! !
-interface Ethernet0/0+interface GigabitEthernet1
  crypto map svpn-map  crypto map svpn-map
  no shutdown  no shutdown
Line 130: Line 135:
 Type escape sequence to abort. Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds: Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
-.!!!! +..!!! 
-Success rate is 80 percent (4/5), round-trip min/avg/max = 5/5/ms</code> +Success rate is 60 percent (3/5), round-trip min/avg/max = 1/3/ms</code> 
-  * Packet Capture on r1-hub e0/0 interface. +<code>r1-hub#show crypto ikev2 sa 
-{{:cisco:books:ccnp_300-730:ch3:000:Lab-000-IKEv2-Capture.png?300 |}}\\ + IPv4 Crypto IKEv2  SA 
  
 +Tunnel-id Local                 Remote                fvrf/ivrf            Status 
 +1         12.1.1.1/500          12.1.1.2/500          none/none            READY  
 +      Encr: AES-CBC, keysize: 256, PRF: SHA512, Hash: SHA512, DH Grp:14, Auth sign: PSK, Auth verify: PSK
 +      Life/Active Time: 86400/13 sec
 +
 + IPv6 Crypto IKEv2  SA</code>
 +  * Packet Capture on r1-hub e0/0 interface.
 +{{ :cisco:books:ccnp_300-730:ch3:000:Lab-000-IKEv2-Capture.png?900 |Lab-000-IKEv2-Capture}}
 +  * The crypto is working correctly. The ICMP (ping) packets are formatted ESP because they are encrypted.
  
  
cisco/books/ccnp_300-730/ch3/000.1756611445.txt.gz · Last modified: by Name

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki