Configuring IKE Phase 1


After you plan for IKE and IPSec and verify the router's current configuration, it is time to implement IPSec. You can always use the show running-config command to verify a router's current configuration. Another useful command is show access-lists, which you use to ensure that your current ACLs are not blocking IPSec protocols.

Before you implement IKE and IPSec, plan the implementation fully.


The goal of planning for IKE Phase 1 is to minimize potential misconfigurations.



Encapsulating Security Payload (ESP) is IP protocol number 50. Authentication Header (AH) is IP protocol number 51. IKE uses User Datagram Protocol (UDP) port 500.
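The ACL check described above can be scripted. The following Python sketch is an added example, not from the book: it evaluates show access-lists output with first-match semantics and reports whether ESP, AH, and IKE from the remote peer to the local router are permitted. The ACL text, ACL number, and peer addresses are constructed, and the parser assumes extended ACL entries with no source-port qualifier and only eq on the destination port.

```python
import ipaddress
import re

# Constructed `show access-lists` output; peers use documentation addresses.
SAMPLE = """\
Extended IP access list 102
    10 permit ahp host 192.0.2.2 host 192.0.2.1
    20 permit esp host 192.0.2.2 host 192.0.2.1
    30 permit tcp any host 192.0.2.10 eq www
    40 deny ip any any log
"""
PROTO = {"ahp": 51, "esp": 50, "udp": 17, "tcp": 6}
PORTS = {"isakmp": 500, "www": 80}
# Flows named on this page: ESP = protocol 50, AH = protocol 51, IKE = UDP 500.
REQUIRED = {"ESP": (50, None), "AH": (51, None), "IKE": (17, 500)}

def _addr(tok, ip):
    """Consume 'any', 'host A' or 'A wildcard'; return (matched, remaining tokens)."""
    if tok[0] == "any":
        return True, tok[1:]
    if tok[0] == "host":
        return tok[1] == ip, tok[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care), tok[2:]

def _matches(tok, proto, port, src, dst):
    """Does one extended-ACL entry match the flow? Assumes no source-port
    qualifier and only 'eq' on the destination port (example simplification)."""
    p = tok[0]
    if p != "ip" and PROTO.get(p, int(p) if p.isdigit() else -1) != proto:
        return False
    s_ok, rest = _addr(tok[1:], src)
    d_ok, rest = _addr(rest, dst)
    if not (s_ok and d_ok):
        return False
    if rest[:1] == ["eq"]:
        return port == PORTS.get(rest[1], int(rest[1]) if rest[1].isdigit() else -1)
    return True

def check_acl(text, src, dst):
    """First match wins per flow; no matching entry means the implicit deny."""
    rules = re.findall(r"^\s*(?:\d+\s+)?(permit|deny)\s+(.+)$", text, re.M)
    return {name: next((act == "permit" for act, body in rules
                        if _matches(body.split(), proto, port, src, dst)), False)
            for name, (proto, port) in REQUIRED.items()}

if __name__ == "__main__":
    # Remote peer 192.0.2.2 -> local router 192.0.2.1 (constructed addresses).
    print(check_acl(SAMPLE, "192.0.2.2", "192.0.2.1"))
```

With the sample ACL, ESP and AH are permitted but IKE falls through to the deny entry, so Phase 1 negotiation could not complete until a permit for UDP port 500 is placed ahead of it.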


The first stage of implementation is configuring the IKE security parameters. The IKE security parameters are only for the IKE tunnel, not the IPSec tunnel. The IKE tunnel is used to securely negotiate the security parameters that will be used for the IPSec tunnel.


No user data flows across the IKE Phase 1 tunnel.




CCSP SECUR Exam Cram 2
CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
