You must use the IKEv2 configuration blocks to accomplish this task.

CORRECT TEXT
You must use the IKEv2 configuration blocks to accomplish this task.


CORRECT TEXT
You must use the IKEv2 configuration blocks to accomplish this task.


Answer: Here are the steps as below:

Explanation:
Step 1: configure key ring
crypto ikev2 keyring mykeys
peer SiteB.cisco.com
address 209.161.201.1
pre-shared-key local $iteA
pre-shared key remote $iteB
Step 2: Configure IKEv2 profile
Crypto ikev2 profile default
identity local fqdn SiteA.cisco.com
Match identity remote fqdn SiteB.cisco.com
Authentication local pre-share
Authentication remote pre-share
Keyring local mykeys
Step 3: Create the GRE Tunnel and apply profile
crypto ipsec profile default
set ikev2-profile default
Interface tunnel 1
ip address 10.1.1.1
Tunnel source eth 0/0
Tunnel destination 209.165.201.1
tunnel protection ipsec profile default
end



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Dennis Leon

Dennis Leon

The tunnel interface must be 1 according to the requirement, even though the communication should work fine as the local tunnel interface identifier has local significance.