![]() (R1 will now have two ISAKMP profiles, R1_to_R3 and R1_to_R5.) R1 Create a new ISAKMP profile on both R1 and R5 to match the peer IP address to the pre-shared key keyring. We can also re-use the ISAKMP policy we created on R1 in part one just remember to apply it to R5. ![]() Pre-shared-key address 172.17.0.1 key AnotherSecretKey Pre-shared-key address 172.17.0.5 key AnotherSecretKey Pre-shared-key address 172.16.0.3 key MySecretKey On R5, create a new keyring and key for R1. On R1, we can re-use the keyring we defined in part one and simply add a new key for R5. Route-based VPNs don't rely on an explicit policy (access list) to match traffic, so we can skip that step and start by creating a pre-shared key. In this second part, we'll look at configuring a route-based VPN on IOS and then examine some important differences between the two approaches. Make sure to read through part one before continuing if you haven't already. This article is a continuation of our discussion regarding policy-based versus route-based VPNs.
0 Comments
Leave a Reply. |