You must use the IKEv2 configuration blocks to accomplish this task.

CORRECT TEXT
Answer: See the explanation.

Explanation:
The steps are as follows:
Step 1: Configure the keyring
crypto ikev2 keyring mykeys
 peer SiteB.cisco.com
  address 209.161.201.1
  pre-shared-key local $iteA
  pre-shared-key remote $iteB
Step 2: Configure the IKEv2 profile
crypto ikev2 profile default
 identity local fqdn SiteA.cisco.com
 match identity remote fqdn SiteB.cisco.com
 authentication local pre-share
 authentication remote pre-share
 keyring local mykeys
Step 3: Create the GRE tunnel and apply the profile
crypto ipsec profile default
 set ikev2-profile default
interface tunnel 0
 ip address 10.1.1.1 255.255.255.0
 tunnel source eth 0/0
 tunnel destination 209.165.201.1
 tunnel protection ipsec profile default
end



Papero23

Proposal configuration is missing from the answer. I mean proposal configuration is needed, since we are asked to configure an IKEv2 proposal and make sure the tunnel will use the following parameters:
Encryption Algorithm: AES128
Integrity Algorithm: SHA1
Diffie-Hellman group: 5
In this case, smart defaults cannot make sure both routers will agree on the above parameters, since both routers will try to agree on the strongest algorithm, in this case AES-CBC-256.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-mt/sec-flex-vpn-15-mt-book/sec-cfg-ikev2-flex.html#GUID-F936D366-EEE2-4016-A8CA-DE4EF6C1B205

sd

crypto ikev2 proposal default
 encryption aes-cbc-128
 integrity sha1
 group 5
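
Added example, not part of the original answer or of the comments above: a small Python audit that checks a configuration like this one for the two things the thread turns on, namely that an IKEv2 proposal pins exactly the required transforms and that each tunnel destination has a keyring peer entry with the same address. The sample is the answer's configuration re-typed in running-config layout (constructed for this example); the function names are hypothetical, and the check does not verify that a non-default proposal is attached to an IKEv2 policy.

```python
# Required IKEv2 parameters, taken from the task quoted in the comments.
REQUIRED = {"encryption": "aes-cbc-128", "integrity": "sha1", "group": "5"}
# Constructed sample: the answer's configuration in running-config layout.
ANSWER_CONFIG = """\
crypto ikev2 keyring mykeys
 peer SiteB.cisco.com
  address 209.161.201.1
  pre-shared-key local $iteA
  pre-shared-key remote $iteB
crypto ikev2 profile default
 identity local fqdn SiteA.cisco.com
 match identity remote fqdn SiteB.cisco.com
 authentication local pre-share
 authentication remote pre-share
 keyring local mykeys
crypto ipsec profile default
 set ikev2-profile default
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
 tunnel source Ethernet0/0
 tunnel destination 209.165.201.1
 tunnel protection ipsec profile default
"""

def sections(config):
    """Group indented sub-commands (as token lists) under their top-level command."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line[0].isspace():
            current = out.setdefault(line.strip().lower(), [])
        elif current is not None:
            current.append(line.lower().split())
    return out

def audit(config, required=REQUIRED):
    """Return a list of findings; an empty list means both checks passed."""
    secs, findings = sections(config), []
    proposals = [{c[0]: c[1:] for c in cmds} for head, cmds in secs.items()
                 if head.startswith("crypto ikev2 proposal")]
    # A proposal "pins" a transform only if it lists that single value.
    if not any(all(p.get(k) == [v] for k, v in required.items()) for p in proposals):
        findings.append(f"no IKEv2 proposal pins exactly {required}")
    peers = {c[1] for head, cmds in secs.items() if head.startswith("crypto ikev2 keyring")
             for c in cmds if c[0] == "address" and len(c) > 1}
    findings += [f"{head}: tunnel destination {c[2]} matches no keyring peer address"
                 for head, cmds in secs.items() for c in cmds
                 if c[:2] == ["tunnel", "destination"] and len(c) > 2 and c[2] not in peers]
    return findings
```

Run against the configuration as posted, `audit(ANSWER_CONFIG)` returns two findings: no proposal pinning the required transforms, and tunnel destination 209.165.201.1 with no keyring peer at that address (the keyring lists 209.161.201.1).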