I. Overview:
Cisco IOS 15.2 supports IKEv2 IPsec VPN, which is more secure than IKEv1. First-phase authentication supports several methods, and the local and remote sides can use different authentication methods. In this test, both sides use the pre-shared key method for both local and remote authentication.
II. Basic ideas:
A. One VPN peer is configured with a static VTI, while the other uses a dynamic VTI.
B. Testing showed that "tunnel mode ipsec ipv4" must not be entered on the VTI interface. If it is, the networks behind the IKEv2 VPN encryption points cannot communicate (the encryption point does not encrypt the packets and send them out).
C. When OSPF is used as the dynamic routing protocol, the static VTI side cannot learn the routes advertised by the other side through OSPF; I do not know the reason. When EIGRP is used, both sides learn the internal routes advertised by each other.
III. Test topology:
IV. Basic configuration:
A. R1:
interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 172.16.1.1
B. R2:
interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 no shut
!
interface FastEthernet0/1
 ip address 202.100.1.1 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 202.100.1.10
C. R3:
interface FastEthernet0/0
 ip address 202.100.1.10 255.255.255.0
 no shut
interface FastEthernet0/1
 ip address 202.100.2.10 255.255.255.0
 no shut
D. R4:
interface Loopback0
 ip address 4.4.4.4 255.255.255.240
interface Loopback1
 ip address 10.1.1.4 255.255.255.0
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shut
interface FastEthernet0/1
 ip address 202.100.2.1 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 202.100.2.10
E. R5:
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 no shut
ip route 0.0.0.0 0.0.0.0 192.168.1.1