Creating a Router-to-Router VPN with RSA Keys
Problem
You want to create an encrypted VPN between two routers using RSA keys.
Solution
As in Recipe 12.3, we will use IPSec Transport mode and a GRE tunnel for this encrypted router-to-router connection:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#crypto key pubkey-chain rsa
Router1(config-pubkey-chain)#addressed-key 172.16.2.1
Router1(config-pubkey-key)#address 172.16.2.1
Router1(config-pubkey-key)#key-string
Enter a public key as a hexidecimal number ....
Router1(config-pubkey)#30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00EB0AB2
Router1(config-pubkey)#EA33B519 0CD95EFF EDFD4723 BED73640 97981CC0 1FC83FBF 5C6DF97C 8CB8CE0A
Router1(config-pubkey)#C5FE959D 1E055002 83B92EF4 35B69545 C3217E5F E0C32A73 44FD2373 15979E77
Router1(config-pubkey)#75598BE0 B4A4E7B2 3C318C2D 3BF3B192 8B71D8C9 A1E0F929 0E84BDAD EC909833
Router1(config-pubkey)#BC425170 400BD26A 319E632F 4E9649F5 BA7ADA40 5A94B09C 05F8414E 33020301 0001
Router1(config-pubkey)#quit
Router1(config-pubkey-key)#exit
Router1(config-pubkey-chain)#exit
Router1(config)#crypto isakmp policy 100
Router1(config-isakmp)#encryption aes 256
Router1(config-isakmp)#authentication rsa-encr
Router1(config-isakmp)#group 2
Router1(config-isakmp)#exit
Router1(config)#crypto ipsec transform-set TUNNEL-TRANSFORM ah-sha-hmac esp-aes 256
Router1(cfg-crypto-trans)#mode transport
Router1(cfg-crypto-trans)#exit
Router1(config)#
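The key-string entered above is a DER-encoded SubjectPublicKeyInfo, so it can be checked offline before it is trusted in the pubkey chain. The following Python check is an added example, not code from the book: the function names are hypothetical, and the SHA-256 fingerprint is a comparison value chosen for this example rather than something IOS prints.

```python
import hashlib

# Key-string exactly as entered in the recipe above.
KEY_STRING = """
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00EB0AB2
EA33B519 0CD95EFF EDFD4723 BED73640 97981CC0 1FC83FBF 5C6DF97C 8CB8CE0A
C5FE959D 1E055002 83B92EF4 35B69545 C3217E5F E0C32A73 44FD2373 15979E77
75598BE0 B4A4E7B2 3C318C2D 3BF3B192 8B71D8C9 A1E0F929 0E84BDAD EC909833
BC425170 400BD26A 319E632F 4E9649F5 BA7ADA40 5A94B09C 05F8414E 33020301 0001
"""
RSA_OID = bytes.fromhex("2A864886F70D010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos, tag):
    """Return (content, next_offset) of the DER element with this tag at pos."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02X} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("key-string is truncated (missing line?)")
    return buf[pos:pos + length], pos + length

def inspect_key_string(text):
    """Parse an IOS key-string; return modulus size, exponent and a fingerprint."""
    der = bytes.fromhex("".join(text.split()))  # ValueError on stray characters
    spki, end = read_tlv(der, 0, 0x30)          # SubjectPublicKeyInfo
    if end != len(der):
        raise ValueError("trailing bytes after the key")
    algorithm, pos = read_tlv(spki, 0, 0x30)    # AlgorithmIdentifier
    if read_tlv(algorithm, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA public key")
    bit_string, _ = read_tlv(spki, pos, 0x03)
    if bit_string[:1] != b"\x00":
        raise ValueError("unexpected unused bits in BIT STRING")
    rsa_key, _ = read_tlv(bit_string[1:], 0, 0x30)  # RSAPublicKey ::= SEQUENCE {n, e}
    modulus, pos = read_tlv(rsa_key, 0, 0x02)
    exponent, _ = read_tlv(rsa_key, pos, 0x02)
    return {
        "modulus_bits": int.from_bytes(modulus, "big").bit_length(),
        "exponent": int.from_bytes(exponent, "big"),
        # SHA-256 over the DER bytes: a comparison value chosen for this example
        "sha256": hashlib.sha256(der).hexdigest(),
    }

if __name__ == "__main__":
    print(inspect_key_string(KEY_STRING))
```

Run it on the text copied from the peer's `show crypto key mypubkey rsa` output before pasting it in, and compare the fingerprint with the peer's administrator over a separate channel.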