280 Chapter 8 Cisco IOS IPSec Pre-Shared Keys and Certificate Authority Support

E X E R C I S E 8 . 3 ( c o n t i n u e d )

Lab_A(config)#interface s0/0

Lab_A(config-if)#crypto map test1

Lab_A(config-if)#^Z

Lab_A#

Lab_B(config)#crypto ipsec tramsform-set test esp-des

Lab_B(cfg-crypto-trans)#exit

Lab_B(config)#access-list 100 permit ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255

Lab_B(config)#access-list 100 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255

Lab_B(config)#cryto map test1 100 ipsec-isakmp

Lab_B(config-crypto-map)#match address 100

Lab_B(config-crypto-map)#set transform-set test

Lab_B(config-crypto-map)#set peer 10.1.1.1

Lab_B(config-crypto-map)#exit

Lab_B(config)#interface s1/0

Lab_B(config-if)#crypto map test1

Lab_B(config-if)#^Z

Lab_B#

Yes, you did it! You’ve configured IPSec for CA support all the way through! Start planning the festivities, call all your friends, order the food, and practice your acceptance speech—oh, wait. Oops, sorry. There’s one more thing…

Testing and Verifying IPSec for CA

Verification. You’ve got to verify stuff, and IPSec for CA is no exception. You complete this one last gasp of a task using the same commands you learned earlier in the “Testing and Verifying IPSec” section in this chapter, along with the show commands I introduced you to in this section.