Cisco router IKEV2 l2lvpn Pre-shared password Authentication configuration

Source: Internet
Author: User
Tags ikev2

I. Overview:

Cisco 15.2 iOS support IKEV2 IPSec VPN, security is more IKEV1, the first phase of authentication methods also have a variety of ways to support the local and remote use of different authentication methods, this test for both sides both local and remote use of preshared key method.

Two. Basic ideas:

The A.VPN peer is configured with a static VTI mode while the dynamic VTI mode is used.

B. The actual test found that the VTi interface can not knock tunnel mode IPSec IPv4, if the knock will cause IKEV2 VPN encryption point behind the network can not communicate (packets can not be encrypted by the encryption point to send out)

C. Another dynamic routing protocol if the use of OSPF, I do not know what is the reason, Static VTi side can not learn through OSPF to the other side of the release of the network by, if the use of EIGRP both sides can learn to each other published intranet routing.

Three. Test topology:

Four. Basic configuration:

A.R1:

Interface fastethernet0/0

IP address 172.16.1.2 255.255.255.0

No shut

IP Route 0.0.0.0 0.0.0.0 172.16.1.1

B.R2:

Interface fastethernet0/0

IP address 172.16.1.1 255.255.255.0

No shut!

Interface FASTETHERNET0/1

IP address 202.100.1.1 255.255.255.0

No shut

IP Route 0.0.0.0 0.0.0.0 202.100.1.10

C.R3:

Interface fastethernet0/0

IP address 202.100.1.10 255.255.255.0

No shut

Interface FASTETHERNET0/1

IP address 202.100.2.10 255.255.255.0

No shut

D.R4:

Interface Loopback0

IP address 4.4.4.4 255.255.255.240

Interface Loopback1

IP address 10.1.1.4 255.255.255.0

Interface fastethernet0/0

IP address 192.168.1.1 255.255.255.0

No shut

Interface FASTETHERNET0/1

IP address 202.100.2.1 255.255.255.0

No shut

IP Route 0.0.0.0 0.0.0.0 202.100.2.10

E:R5:

Interface fastethernet0/0

IP address 192.168.1.2 255.255.255.0

No shut

IP Route 0.0.0.0 0.0.0.0 192.168.1.1

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.