ISAKMP/IKE Phase 2 Configuration

Once ISAKMP/IKE Phase 1 completes (negotiates the Phase 1 policies, performs DH, and authenticates the peer), the management connection is established. The management connection is then used to build the two unidirectional data connections during ISAKMP/IKE Phase 2. In its simplest form, there are three components that need to be configured for L2L sessions for ISAKMP/IKE Phase 2:

  • Define the traffic that needs to be protected (crypto ACL).

  • Define how that traffic is to be protected (transform set).

  • Define to whom the traffic should be forwarded (crypto map).
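
How the three components fit together on an IOS router, as an added example that is not taken from the book. The addresses (documentation ranges for the peers, RFC 1918 ranges for the LANs), the ACL number, the names L2L-TS and L2L-MAP, and the interface name are all assumptions chosen for illustration.

```cisco
! Constructed scenario (all values are assumptions):
!   local LAN   192.168.1.0/24   behind this router
!   remote LAN  192.168.2.0/24   behind the peer at 198.51.100.1

! 1. Crypto ACL: which traffic is protected.
!    "permit" means "protect with IPsec"; traffic that does not match
!    is not dropped, it is forwarded unprotected. Keep the entry as
!    specific as the two LANs, and configure the mirror image
!    (source and destination swapped) on the remote peer.
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

! 2. Transform set: how the traffic is protected.
!    ESP with AES-256 for confidentiality and SHA HMAC for integrity,
!    in tunnel mode (the default, stated here for clarity).
crypto ipsec transform-set L2L-TS esp-aes 256 esp-sha-hmac
 mode tunnel

! 3. Crypto map: to whom the protected traffic is forwarded.
!    The entry ties the peer, the transform set and the crypto ACL
!    together; "ipsec-isakmp" means ISAKMP/IKE negotiates the SAs.
crypto map L2L-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set L2L-TS
 match address 101

! The crypto map has no effect until it is applied to the interface
! that faces the remote peer.
interface GigabitEthernet0/0
 crypto map L2L-MAP
```

After interesting traffic has brought the session up, `show crypto ipsec sa` should list one inbound and one outbound SA for the ACL entry, matching the two unidirectional data connections described above.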

If the remote L2L peer acquires its address dynamically, and you want to allow the remote peer to build an L2L session to your router, you’ll have to build ...
