Tim's Technology Gauntlet Wiki

User Tools

Site Tools

Trace:
cisco:books:ccnp_300-730:ch3:000

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
cisco:books:ccnp_300-730:ch3:000 [2025/08/31 17:55] Namecisco:books:ccnp_300-730:ch3:000 [2025/10/04 02:56] (current) Name
Line 10: Line 10:
   * This lab has two directly connected routers that share IKEv2's ESP-encrypted messages.   * This lab has two directly connected routers that share IKEv2's ESP-encrypted messages.
  
-{{ :cisco:books:ccnp_300-730:ch3:000:Lab-000-IKEv2-Overview3.png?300 | Lab-000-IKEv2-Overview }}+{{ :cisco:books:ccnp_300-730:ch3:000:Lab-000-IKEv2-Overview.png?300 | Lab-000-IKEv2-Overview }}
  
  
-__r1-hub__+__r1-hub's initial configuration__
 <code>en <code>en
 conf t conf t
 +no ip domain lookup
 hostname r1-hub hostname r1-hub
 line con 0 line con 0
 +history size 256
 logg syn logg syn
 exec-timeout 0 0 exec-timeout 0 0
Line 26: Line 28:
  ip address 1.1.1.1 255.255.255.255  ip address 1.1.1.1 255.255.255.255
 ! !
-interface Ethernet0/0+interface GigabitEthernet1
  shutdown  shutdown
  ip address 12.1.1.1 255.255.255.0  ip address 12.1.1.1 255.255.255.0
Line 63: Line 65:
  match address castle-acl  match address castle-acl
 ! !
-interface Ethernet0/0+interface GigabitEthernet1
  crypto map svpn-map  crypto map svpn-map
  no shutdown  no shutdown
Line 70: Line 72:
 wr</code> wr</code>
  
-__r2-spoke__+__r2-spoke's initial configuration__
 <code>en <code>en
 conf t conf t
 +no ip domain lookup
 hostname r2-spoke hostname r2-spoke
 line con 0 line con 0
 +history size 256
 logg syn logg syn
 exec-timeout 0 0 exec-timeout 0 0
Line 83: Line 87:
  ip address 2.2.2.2 255.255.255.255  ip address 2.2.2.2 255.255.255.255
 ! !
-interface Ethernet0/0+interface GigabitEthernet1
  shutdown  shutdown
  ip address 12.1.1.2 255.255.255.0  ip address 12.1.1.2 255.255.255.0
Line 120: Line 124:
  match address castle-acl  match address castle-acl
 ! !
-interface Ethernet0/0+interface GigabitEthernet1
  crypto map svpn-map  crypto map svpn-map
  no shutdown  no shutdown
Line 131: Line 135:
 Type escape sequence to abort. Type escape sequence to abort.
 Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds: Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:
-.!!!! +..!!! 
-Success rate is 80 percent (4/5), round-trip min/avg/max = 5/5/ms</code> +Success rate is 60 percent (3/5), round-trip min/avg/max = 1/3/ms</code> 
-  * Packet Capture on r1-hub e0/0 interface. +<code>r1-hub#show crypto ikev2 sa 
-{{ :cisco:books:ccnp_300-730:ch3:000:Lab-000-IKEv2-Capture.png?900 |Lab-000-IKEv2-Capture}}\\ + IPv4 Crypto IKEv2  SA 
  
 +Tunnel-id Local                 Remote                fvrf/ivrf            Status 
 +1         12.1.1.1/500          12.1.1.2/500          none/none            READY  
 +      Encr: AES-CBC, keysize: 256, PRF: SHA512, Hash: SHA512, DH Grp:14, Auth sign: PSK, Auth verify: PSK
 +      Life/Active Time: 86400/13 sec
 +
 + IPv6 Crypto IKEv2  SA</code>
 +  * Packet Capture on r1-hub e0/0 interface.
 +{{ :cisco:books:ccnp_300-730:ch3:000:Lab-000-IKEv2-Capture.png?900 |Lab-000-IKEv2-Capture}}
 +  * The crypto is working correctly. The ICMP (ping) packets are formatted ESP because they are encrypted.
  
  
cisco/books/ccnp_300-730/ch3/000.1756662948.txt.gz · Last modified: by Name

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki