
CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji


Section 5.0: IPSec/GRE Configuration

5.1. IPSec

5.1.1. IPSec LAN-to-LAN Using Preshared
  1. Configure a LAN-to-LAN IPSec tunnel between the PIX and R4. The key is defining the interesting traffic for IPSec: the IPSec access list should match UDP port 45000, the postoffice protocol communication between the IDS and the Director. You can also configure an access list for UDP traffic from host to host, 10.50.13.82 to 10.50.31.60.
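
The R4 side of this tunnel using the host-to-host UDP access list, as an added example that is not from the book. It assumes 10.50.31.60 sits behind R4 and 10.50.13.82 behind the PIX; the policy values, the names LAB-TS and LAB-MAP, ACL number 150 and every angle-bracket placeholder are assumptions, not lab values.

```cisco
! Added example (R4, IOS). Placeholders in <...> must be replaced with lab values.
!
! Phase 1: preshared-key authentication. Encryption, hash and DH group are
! assumed values; they must match the ISAKMP policy configured on the PIX.
crypto isakmp policy 10
 encryption 3des
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <PRESHARED-KEY> address <PIX-OUTSIDE-IP>
!
! Phase 2: transform set (assumed name and algorithms; tunnel mode is the default).
crypto ipsec transform-set LAB-TS esp-3des esp-sha-hmac
!
! Interesting traffic: host-to-host UDP only. The PIX needs the mirror image
! of this entry (source and destination swapped), otherwise the proxy
! identities do not match and phase 2 fails.
! Assumption: 10.50.31.60 is the host on the R4 side.
access-list 150 permit udp host 10.50.31.60 host 10.50.13.82
!
crypto map LAB-MAP 10 ipsec-isakmp
 set peer <PIX-OUTSIDE-IP>
 set transform-set LAB-TS
 match address 150
!
! Apply the crypto map on the interface that faces the PIX.
interface <R4-INTERFACE-TOWARD-PIX>
 crypto map LAB-MAP
```

After traffic between the two hosts has been generated, `show crypto isakmp sa` and `show crypto ipsec sa` on R4 show whether both phases came up and whether the encrypt and decrypt counters are incrementing.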

5.1.2. Advanced IPSec LAN-to-LAN
  1. Configure GRE traffic in section 5.2. The IPSec access list should be host-to-host and use tunnel mode. Configure ISAKMP keepalives to check connectivity. If the peer does not respond, the phase 1 SA will go down, and this will also take down the phase 2 SAs.

  2. Also remember to configure no ip route-cache on all GRE ...
